PC využívané někým jiným? Vyřešeno

[krejcus]

Ahoj, hrabal jsem se náhodou v compu a v driverech od me AMD grafiky jsem našel nainstalovanou hru, kterou jsem rozhodně neinstaloval, dále jsem v lupě našel vyhledávaný výraz (tu hru), který jsem také nehledal. Jak tomu mám rozumět? Mám nějaký vir, kdy mi je někdo schopný lézt do PC? Bydlím sám, na compa mi fyzicky nikdo určitě nelezl. Moc děkuji. Foto v příloze:

P.S. pardon za fotky mobilem.
P.S. 2 PC jsem projel již několika antiviry a nic nenašly.

[Reklama]

[flowem]

Rovnou jsi mohl do sekce HJT s logem viewtopic.php?p=24386#p24386
a budeš mít aspoň jistotu, že máš čistej komp. Ale ten log asi můžeš hodit i sem rovnou, on si toho někdo všimne...

[ITCrowd]

Vítej na PC-HELP!
V poslední době jsi nic neinstaloval? Neodklikal jsi automaticky instalaci i s dalším programem?

[petr22]

Ze by ti nekdo koupil hru, nainstaloval ji a nahral na ni 5 minut ?

Ponekud zvlastni chovani na hackera.

[krejcus]

Vítej na PC-HELP!
V poslední době jsi nic neinstaloval? Neodklikal jsi automaticky instalaci i s dalším programem?

Před 2 týdny jsem si ten PC pořídil z bazaru, disk naformátoval a provedl čistou instalačku W11 a samozřejmě i dalšího softwaru. Dávám si pozor, aby se mi spolu s jiným programem nenainstalovalo i něco jiného.

[petr22]

A je tam ten Alien nainstalovany, nebo neni?

Pokud ano, z jake sluzby ? Mas ho na nejake sluzbe pod svym uctem ?

[krejcus]

Rovnou jsi mohl do sekce HJT s logem viewtopic.php?p=24386#p24386
a budeš mít aspoň jistotu, že máš čistej komp. Ale ten log asi můžeš hodit i sem rovnou, on si toho někdo všimne...

Dík za radu, tady je:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:06:41, on 05.11.2022
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.22621.0001)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
C:\Users\krejc\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: 109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repack.com # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirlrepack.games # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
O1 - Hosts: 109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
O1 - Hosts: 109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repack.net # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirlpack.site # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repack.org # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.35\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKCU\..\Run: [OneDrive] "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_E4FC8AA13BCD6418C418C02EC7C5DF11] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD Crash Defender Service - Unknown owner - C:\Windows\System32\amdfendrsr.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\System32\DriverStore\FileRepository\u0384626.inf_amd64_709232910597852f\B384589\atiesrxx.exe
O23 - Service: AMD User Experience Program Data Uploader (AUEPLauncher) - AMD - C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe
O23 - Service: CCleaner Performance Optimizer Service (CCleanerPerformanceOptimizerService) - Piriform Software Ltd - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_804870b - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - Epic Games, Inc - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\107.0.5304.88\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\Windows\System32\RtkAudUService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\Sgrm\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\Sgrm\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\steamservice.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12379 bytes

[krejcus]

A je tam ten Alien nainstalovany, nebo neni?

Pokud ano, z jake sluzby ? Mas ho na nejake sluzbe pod svym uctem ?

V PC ho nikde nevidím.

[petr22]

Ta hra ma 30 GB, se jen tak nemuze schovat.

Mas ji ty nekde koupenou ?

[krejcus]

Ta hra ma 30 GB, se jen tak nemuze schovat.

Mas ji ty nekde koupenou ?

Já ji nikdy nehrál ani neměl v úmyslu hrát. Takže nemám ji koupenou ani staženou ani nic .

[ParzivaltheTwelfth]

"O1 - Hosts: 109.94.209.70 fitgirlrepacks.co # Fake FitGirl site"

Ty jsi něco stahoval z Fake stránek FitGirl. Bůh ví, co bylo v tý instalačce.

[krejcus]

"O1 - Hosts: 109.94.209.70 fitgirlrepacks.co # Fake FitGirl site"

Ty jsi něco stahoval z Fake stránek FitGirl. Bůh ví, co bylo v tý instalačce.

Při instalaci z těch originálních se dá zaškrtnout, aby se zablokovaly ty fake stránky, proto je to vidět i v tom logu. Určitě jsem stahoval z origa.