
Everything posted by TRM

Possible virus/keylogger on laptop
TRM replied to TRM's topic in Archive: Malware & virus removal
I can just post it like this:

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Robin on di 09/06/2015 at 13:39:40,72.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Robin\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================
9/06/2015 13:42:54 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~3\dbg deleted successfully
C:\PROGRA~3\Deadtime Stories deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\systemk deleted successfully
C:\Users\Robin\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Robin\AppData\Local\pangu deleted successfully
C:\Users\Robin\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\cxzqupjh.default
---- Lines funmoods removed from prefs.js ----
user_pref("extensions.funmoods.aflt", "iron2");
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl",

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{7602B908-8B7B-D77C-E575-47F43B46D11A} Unknown Url="Not_Found"

==== Reset Google Chrome ======================
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3700995095-2466019865-2422278789-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3700995095-2466019865-2422278789-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3700995095-2466019865-2422278789-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7602B908-8B7B-D77C-E575-47F43B46D11A} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7602B908-8B7B-D77C-E575-47F43B46D11A} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{22C8ACE8-894D-F326-F3F4-6817F6EA3D22} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Cache found

==== Empty Chrome Cache ======================
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1537 folders=436 317474380 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Robin\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Robin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on di 09/06/2015 at 14:14:22,12 ======================

Possible virus/keylogger on laptop
TRM replied to TRM's topic in Archive: Malware & virus removal
I get this message: 'zoek-results.log Upload Overgeslagen (Geen bestand geselecteerd om te uploaden)'. Also, two icons (no idea which) are gone from my desktop after the reboot. Regards

Possible virus/keylogger on laptop
TRM replied to TRM's topic in Archive: Malware & virus removal
Like this, then? log.txt

Possible virus/keylogger on laptop
TRM replied to TRM's topic in Archive: Malware & virus removal
And what exactly did I just do, then? Regards

Hello,

I don't know whether I'm posting this in the right place; my apologies if it is in the wrong spot. I have a few questions. Yesterday someone put a keylogger on my computer via Steam and a website, after which he stole my skins (sort of nicer-looking weapons, so to speak). I scanned my computer with AVG and with Malwarebytes. The latter found that there was indeed a keylogger on my laptop and (normally speaking) removed it. I have already changed all my important passwords. Now I have a few questions:

1: What is the best thing for me to do now? A friend of mine suggested maybe doing a System Restore via Windows, but as so often you can't rely on it when you need it, since there is no restore point (I'm really a dummy with computers, by the way). But do I then absolutely have to format my laptop, or are there other things I can do?

2: I can no longer get onto Steam. The virus spread via Steam (it closed after the virus was planted) and nothing happens when I click on it. The strangest thing is that I also can't reach the Steam website on my laptop. When I browse to it I get the following message: 'err_connection_refused', and this only with the Steam site and the shortcut. I also can no longer play the games that run via Steam on my LAPTOP. On the desktop downstairs, however, this does work. There I can play all the games (on the same account) and I can reach the site. How can this be solved? Does this mean there is still a virus or keylogger present, or is it some kind of precaution by Steam itself?

Again, should this be posted in the wrong place, my apologies. And thanks in advance for any response!

Regards
