
KFC32.exe in the appdata/roaming folder

domelownik 09 Sep 2018 10:26 114 4
  • #2 09 Sep 2018 10:38
    Kolobos
    Computer specialist

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Task: {37DB8C04-8CD7-48E7-AE29-2FEC1AB95A9C} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    () C:\Users\rczar\AppData\Roaming\Microsoft\KFC32.exe
    HKU\S-1-5-21-1766697593-1985942253-678171426-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc)
    Startup: C:\Users\rczar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Asetup.exe [2017-11-04] (Microsoft)
    C:\Users\rczar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Asetup.exe
    GroupPolicy: Ograniczenia ? <==== UWAGA
    2018-09-08 21:23 - 2018-09-09 08:13 - 000000024 _____ C:\Users\rczar\AppData\win32
    2018-09-08 21:21 - 2018-09-08 21:21 - 000000000 ____D C:\WINDOWS\BFA04EE0824046678D5345496A901C33.TMP
    2018-09-08 21:21 - 2018-09-08 21:21 - 000000000 ____D C:\Users\rczar\AppData\Roaming\Windows
    2018-09-08 21:20 - 2018-09-08 21:20 - 000060065 _____ C:\Users\rczar\AppData\Roaming\buz.zip
    2018-08-31 09:07 - 2018-08-31 09:07 - 000006144 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Dom.dll
    2018-02-05 18:22 - 2018-02-05 18:22 - 000328408 _____ () C:\Program Files (x86)\lua5.1.dll
    2017-11-04 22:21 - 2017-11-04 22:21 - 000006144 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Asetup.exe
    2017-06-13 16:54 - 2017-06-13 16:54 - 000005120 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\atxt.dll
    2018-09-08 21:20 - 2018-09-08 21:20 - 000060065 _____ () C:\Users\rczar\AppData\Roaming\buz.zip
    2017-06-15 21:19 - 2017-06-15 21:19 - 000005120 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Dhan.dll
    2018-08-31 09:07 - 2018-08-31 09:07 - 000006144 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Dom.dll
    2018-08-05 13:47 - 2018-08-05 13:47 - 000006144 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\dw.dll
    2018-08-05 13:47 - 2018-08-05 13:47 - 000009216 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\dwmDesktop.exe
    2017-06-13 16:52 - 2017-06-13 16:52 - 000004608 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\fder.dll
    2018-08-05 13:57 - 2018-08-05 13:57 - 000006656 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Ghan.dll
    2017-06-15 20:55 - 2017-06-15 20:55 - 000004608 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\ghtml.dll
    2017-06-13 16:59 - 2017-06-13 16:59 - 000006144 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Hosd.dll
    2017-02-19 08:39 - 2017-02-19 08:39 - 000036864 _____ ( ) C:\Users\rczar\AppData\Roaming\Interop.Shell32.dll
    2017-06-15 20:58 - 2017-06-15 20:58 - 000005120 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\KF.dll
    2017-11-04 22:16 - 2017-11-04 22:16 - 000008192 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\KFC32.exe
    2017-06-02 18:00 - 2018-09-09 08:12 - 000000200 _____ () C:\Users\rczar\AppData\Roaming\sp_data.sys
    2017-06-15 21:01 - 2017-06-15 21:01 - 000004608 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\statin.dll
    2017-06-15 21:20 - 2017-06-15 21:20 - 000007680 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Uzip.dll
    2017-11-04 22:11 - 2017-11-04 22:11 - 000009728 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\WindowsDmedias.exe
    2017-11-04 22:12 - 2017-11-04 22:12 - 000008192 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Windowsmediab.exe
    2018-09-08 21:20 - 2017-11-04 22:21 - 000006144 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\Asetup.exe
    2018-09-08 21:20 - 2017-06-13 16:54 - 000005120 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\atxt.dll
    2018-09-08 21:20 - 2017-06-15 21:19 - 000005120 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\Dhan.dll
    2018-09-08 21:20 - 2018-08-31 09:07 - 000006144 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\Dom.dll
    2018-09-08 21:20 - 2018-08-05 13:47 - 000006144 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\dw.dll
    2018-09-08 21:20 - 2018-08-05 13:47 - 000009216 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\dwmDesktop.exe
    2018-09-08 21:20 - 2017-06-13 16:52 - 000004608 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\fder.dll
    2018-09-08 21:20 - 2018-08-05 13:57 - 000006656 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\Ghan.dll
    2018-09-08 21:20 - 2017-06-15 20:55 - 000004608 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\ghtml.dll
    2018-09-08 21:20 - 2017-06-13 16:59 - 000006144 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\Hosd.dll
    2018-09-08 21:20 - 2017-02-19 08:39 - 000036864 _____ ( ) C:\Users\rczar\AppData\Roaming\Microsoft\Interop.Shell32.dll
    2018-09-08 21:20 - 2017-06-15 20:58 - 000005120 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\KF.dll
    2018-09-08 21:20 - 2017-11-04 22:16 - 000008192 _____ () C:\Users\rczar\AppData\Roaming\Microsoft\KFC32.exe
    2018-09-08 21:20 - 2018-09-08 21:20 - 000000010 _____ () C:\Users\rczar\AppData\Roaming\Microsoft\nameusa.txt
    2018-09-08 21:20 - 2018-08-31 17:15 - 000000014 _____ () C:\Users\rczar\AppData\Roaming\Microsoft\ng
    2018-09-08 21:20 - 2017-06-15 21:01 - 000004608 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\statin.dll
    2018-09-08 21:20 - 2017-06-15 21:20 - 000007680 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\Uzip.dll
    2018-09-08 21:20 - 2017-11-04 22:11 - 000009728 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\WindowsDmedias.exe
    2018-09-08 21:20 - 2017-11-04 22:12 - 000008192 _____ (Microsoft) C:\Users\rczar\AppData\Roaming\Microsoft\Windowsmediab.exe


    Use AdwCleaner, with the Scan and Clean options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from the scan.

    0
  • Helpful post
    #4 09 Sep 2018 12:38
    Kolobos
    Computer specialist

    Delete C:\AdwCleaner and C:\FRST, that's all.

    0
  • #5 09 Sep 2018 12:48
    domelownik
    Level 2

    Thank you very much for the quick help. Problem solved :)

    0