GMER.txt

win7 - "police virus" - request to check logs

As in the subject: "police virus"... Safe mode works. The OTL and GMER logs were made in safe mode. I would be grateful for help.


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-19 17:38:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500420AS rev.D005SDM1 465,76GB
Running: upfmfiis.exe; Driver: C:\Users\Marta\AppData\Local\Temp\uxldapod.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Skype\Phone\Skype.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075501465 2 bytes [50, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755014bb 2 bytes [50, 75]
.text ... * 2
.text C:\Windows\SysWOW64\svchost.exe[1488] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075501465 2 bytes [50, 75]
.text C:\Windows\SysWOW64\svchost.exe[1488] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000755014bb 2 bytes [50, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\Explorer.EXE [524:1740] 0000000002381808
Thread C:\Windows\Explorer.EXE [524:1744] 0000000005f35300
Thread C:\Windows\Explorer.EXE [524:1748] 0000000005f34be0
Thread C:\Windows\Explorer.EXE [524:1752] 0000000005f39550
Thread C:\Windows\Explorer.EXE [524:1756] 0000000005f33520

---- Processes - GMER 2.1 ----

Library c:\windows\system32\y (*** suspicious ***) @ C:\Windows\Explorer.EXE [524] 0000033345670000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [1920] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2011-07-05 15:24:05) 0000000073a70000

---- EOF - GMER 2.1 ----

