coolwebsearch

Anonymous
Decomp
6 answers
 • I read at PestControl that Coolwebsearch is supposed to be dangerous.
  I had many entries for it in the registry. Doesn't this belong to Explorer, among other things? Incidentally, it was not found by Spyware/adaware or Spybot.
 • Download CWShredder and run it, then you'll know for sure.
 • Run cwshredder and post a hijackthislog here (see spyware faq).
 • [quote:8ee96a712d="gerben"]Run cwshredder and post a hijackthislog here (see spyware faq).[/quote:8ee96a712d]
  I ran CWS and it found nothing. HJ log attached, with thanks for being willing to take a look at it!!!
  Logfile of HijackThis v1.99.0
  Scan saved at 22:12:46, on 9/01/2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\WINDOWS\AGRSMMSG.exe
  C:\WINDOWS\System32\ezSP_Px.exe
  C:\Program Files\DU Meter\DUMeter.exe
  C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\WINDOWS\System32\cisvc.exe
  C:\Program Files\sony\giga pocket\shwserv.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton Utilities\NPROTECT.EXE
  C:\Program Files\Dantz\Retrospect\retrorun.exe
  C:\WINDOWS\System32\snmp.exe
  C:\Program Files\Speed Disk\nopdb.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\wdfmgr.exe
  C:\Program Files\sony\vaio media music server\SSSvr.exe
  C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
  C:\Program Files\sony\giga pocket\GPVSvr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
  C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
  C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
  C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
  C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
  C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
  C:\Program Files\sony\giga pocket\RM_SV.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  C:\WINDOWS\System32\alg.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.nl
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
  O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
  O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.nl
  O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
  O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
  O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
  O23 - Service: InCD Helper - Ahead Software AG - (no file)
  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
  O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Retrospect Launcher - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
  O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
  O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
  O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
  O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  O23 - Service: VAIO Media Music Server - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
  O23 - Service: VAIO Media Music Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
  O23 - Service: VAIO Media Music Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
  O23 - Service: VAIO Media Photo Server - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
  O23 - Service: VAIO Media Photo Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
  O23 - Service: VAIO Media Photo Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
  O23 - Service: VAIO Media Video Server - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
  O23 - Service: VAIO Media Video Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
  O23 - Service: VAIO Media Video Server (UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
  O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 • [quote:203375fc58="Zlatan"]I had many entries for it in the registry. Doesn't this belong to Explorer, among other things? Incidentally, it was not found by Spyware/adaware or Spybot.[/quote:203375fc58]
  This doesn't necessarily have to be malicious, you know.
  Coolwebsearch (or CWS domains) may, for example, have been added to the Restricted sites zone. You will then find this in your registry as well.
  The log looks OK to me. Are there any problems?
  Because the new CWS variants don't always show up in a hijackthislog.
 • [quote:74f74d7710="Zlatan"]The log looks OK to me. Are there any problems?
  Because the new CWS variants don't always show up in a hijackthislog.[/quote:74f74d7710]
  Thanks, no, there are no actual problems; I was only alerted to this phenomenon, hence my question.
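
The point made in the thread, that CWS domains can sit in the registry only because they were added to the Restricted sites zone, can be checked from a registry export. The following is an added example, not part of the original thread: it assumes a regedit text export of the ZoneMap\Domains key, uses constructed placeholder domains, and its rule that any non-Restricted entry goes to "review" is this example's own choice.

```python
import re

# Internet Explorer security zone ids, stored as a DWORD per protocol.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

# Constructed sample in regedit export format; the domains are placeholders.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cws-portal.example\www]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\search-helper.example]
"*"=dword:00000002
'''

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def zone_entries(reg_text):
    """Return (host, protocol, zone_id) for every ZoneMap domain value."""
    entries, host = [], None
    for line in map(str.strip, reg_text.splitlines()):
        key, val = KEY_RE.match(line), VAL_RE.match(line)
        if key:
            path, host = key.group(2), None
            if path.lower().startswith(ZONEMAP.lower() + "\\"):
                # Subkeys are stored domain\subdomain; rebuild subdomain.domain.
                parts = path[len(ZONEMAP) + 1:].split("\\")
                host = ".".join(reversed(parts))
        elif val and host:
            entries.append((host, val.group(1), int(val.group(2), 16)))
    return entries

def triage(reg_text):
    """Split entries into Restricted-zone blocks and entries needing review."""
    blocked, review = [], []
    for host, proto, zone in zone_entries(reg_text):
        label = f"{host} [{proto}] -> {ZONES.get(zone, zone)}"
        (blocked if zone == 4 else review).append(label)
    return blocked, review

if __name__ == "__main__":
    print(triage(SAMPLE_REG))
```

Entries reported as blocked are the kind of registry hits described in the reply above: the domain name is present, but only as a block-list entry.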

This is an archived page. Replies are no longer possible.