Přidaný disk s čínskými znaky - log

[Rudy]

Zdravím!
Nejprve projeďte disk pomocí USBFix: http://forum.viry.cz/viewtopic.php?f=24&t=140144 . Pak spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[Rudy]

OK. Dejte nové logy FRST+Addition.

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
Task: {0385173E-7F4D-4D7B-8509-7C1E6ADA441F} - System32\Tasks\VirtuaWin\VirtuaWin => C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe [160782 2016-03-12] (VirtuaWin) [File not signed] <==== ATTENTION
Task: {1F28F1AF-93B9-4F84-914A-2D041F165096} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4D1DAFE7-D717-4135-A8B8-C598F71E81D5} - \WPD\SqmUpload_S-1-5-21-2982683719-902784840-2532129548-1001 -> No File <==== ATTENTION
Task: {551E232A-2EEA-4166-849B-EEB125EE4F8F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {57BFE17B-7EC4-441B-B33E-A351B5D0F547} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {59B0A08E-7481-4917-94F3-67B269A33637} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {59C974A9-E41E-4DAB-BFE0-DFA0808C0FCC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {767F2428-FB82-4F31-804D-0FABC418C7CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8EFFDC17-E87E-4C30-A09B-E80FD2085B4A} - System32\Tasks\{F5318BBF-D708-4294-8A52-F321CD7DB63D} => C:\Windows\system32\pcalua.exe -a C:\Users\Shaim\Downloads\Adobe_Reader_9.0_Lite_ENG.exe -d C:\Users\Shaim\Downloads
Task: {921BE348-250E-4306-AABF-AE84833DB27B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A2C5BFFA-F330-4B1D-BEEF-2DBCE43D9B2D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A3CB6D5E-0B3C-45C2-8107-5E034240CC2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {A60E7F5D-5D8A-40D1-B830-27ED2F01694B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B6BB9CC2-373F-4EA9-9CC1-3FD958BD83ED} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C19DABCE-2AEB-47ED-9232-4B029EE04D83} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CD19A5B1-6215-4160-81A6-1D7F8644564E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL => No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
OPR Extension: (微页新标签页) - C:\Users\Shaim\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifaelepggamjkbiaikiolihkdmfnpblb [2018-12-12]
U3 WMPNetworkSvc; no ImagePath
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [XpressZip] -> {855E3745-59C3-4A96-B45E-C259B5972A06} => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\XpressZip\XpressZip.dll -> No File
ContextMenuHandlers2: [XpressZip] -> {855E3745-59C3-4A96-B45E-C259B5972A06} => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\XpressZip\XpressZip.dll -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [LDSShellExt] -> {B3A2F1A4-10A2-410C-9C19-622B621C61D0} => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\lds\LDSShellExt\LDSShellExt64.dll -> No File
ContextMenuHandlers5: [TutuShellExt] -> {479B2FDB-3325-4916-97FF-FD0CBB934EFE} => C:\WINDOWS\system32\EPMenu64.dll -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [XpressZip] -> {855E3745-59C3-4A96-B45E-C259B5972A06} => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\XpressZip\XpressZip.dll -> No File
FirewallRules: [{CF494AF7-EECB-4706-813B-127A9DD43F81}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BirdWallpaper\360wpsrv.exe No File
FirewallRules: [{B8DB4122-138E-4B4E-B41D-100B5E7551A4}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BirdWallpaper\360wpsrv.exe No File
FirewallRules: [{BBE82856-F4A1-4BFA-A681-09D875FBC8F0}] => (Allow) E:\LDSGameMaster\SoftMgr\SoftMgrInst.exe No File
FirewallRules: [{57870875-9D4B-4AE9-B495-79AF29E5EC0D}] => (Allow) E:\LDSGameMaster\SoftMgr\SoftMgrInst.exe No File
FirewallRules: [{9D11A848-6C8B-4182-BB58-2A31EB9B42B4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{2F0C5633-12EE-4218-8701-374717B3BFC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File

EmptyTemp:
Hosts:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[Rudy]

Bylo smazáno. Vzhledem k tomu, že v PC je celkem dost "exotického" softwaru, po instalaci čeho se objevil tento problém?

[Rudy]

Vyzkoušete disk připojit k jinému PC, zda tam ty čínské znaky zůstanou. Pokud ne, problém je v PC, pak udělejte obnovu systému k datu, kdy korketně fungoval. Pokud ano, je možné, že to způsobuje vir a pak bude třeba podrobná kontrola toho disku.

[Rudy]

Zkontrolovat disk Pomocí AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Utilitu stáhněte, spusťte, nechte pracovat a po skončení akce smažte vše, co najde.

[Rudy]

Ty soubory zřejmě podlehly nějaké aktualizaci, na virus to nevypadá. Ještě bych rád věděl, jestli se to děje i na jiném PC. Nevím, co je to za soubory, takže vám ani neřeknu, jak to vrátit zpět.

[Rudy]

Rádo se stalo!