Re: Keylogger?
Posted: 14 Jul 2015 09:57
Here is the log, thanks a lot!
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default.migrated
User: Public
User: sweety
->Temp folder emptied: 21319950 bytes
->Temporary Internet Files folder emptied: 23122 bytes
->FireFox cache emptied: 674 bytes
->Google Chrome cache emptied: 306515208 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16138723 bytes
RecycleBin emptied: 2519473 bytes
Total Files Cleaned = 330,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Default.migrated
User: Public
User: sweety
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Error: Unable to stop service eamonm!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamonm deleted successfully.
Error: Unable to stop service ehdrv!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ehdrv deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\Windows\SysNative\drivers\eamonm.sys moved successfully.
C:\Windows\SysNative\drivers\ehdrv.sys moved successfully.
========== OTL ==========
Error: Unable to stop service eamonm!
Service\Driver key eamonm not found.
File C:\Windows\SysNative\drivers\eamonm.sys not found.
Error: Unable to stop service ehdrv!
Service\Driver key ehdrv not found.
File C:\Windows\SysNative\drivers\ehdrv.sys not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: false removed from browser.search.isUS
Prefs.js: "this is my first firefox searchEngine" removed from browser.search.searchengine.desc
Prefs.js: "obw" removed from browser.search.searchengine.ptid
Prefs.js: "ST320LT020-9YG142_W0Q57LEXXXXXW0Q57LEX" removed from browser.search.searchengine.uid
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com deleted successfully.
File C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\ProgramData\ESET\ESET NOD32 Antivirus folder moved successfully.
C:\ProgramData\ESET folder moved successfully.
C:\Users\sweety\Documents\~WRL3373.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A82.tmp\Microsoft.Office.Tools.Common.v9.0.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A82.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4920.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP56BC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCF49.tmp\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCF49.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSICB21.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\25fb187813b8c2cbe82f0e9ffac7b4cd\$dpx$.tmp\job.xml deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\25fb187813b8c2cbe82f0e9ffac7b4cd\$dpx$.tmp folder deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 07142015_101821
Files\Folders moved on Reboot...
C:\Users\sweety\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_c2ruidll(20150714100031654).log not found!
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_streamserver(20150714100033654).log not found!
C:\WINDOWS\temp\PC-20150714-1000.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...