Vraag & Antwoord

Beveiliging & privacy

Crawler Search

Anoniem
pimvandenderen
7 antwoorden
 • Hallo, sinds vandaag heb ik op de plaats waar normaal mijn google search staat, crawler search staan in het zoek vlakje in internet explorer.

  Ik heb me al suf gezocht op internet en overal lees ik dat ik het bestand moet verwijderen uit mijn software lijst.
  Maar hij staat er niet, ook niet tussen program files en Ctoolbar is ook niet te vinden, het lijkt me geen virus, maar ik heb er niet om gevraagd en wil gewoon mijn google terug.

  Iemand advies?
  (Ik heb het vermoeden dat hij meegekomen is met het downloaden van agv??)
 • je pc is wel besmet. Lees de instructies over het verwijderen van spyware.
 • Ik heb volgens mij elk anti spyware proagramma al gebruikt, maar die crawler searchbar blijft.
  Hieronder mijn logje:
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 13:01:44, on 24-3-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\Microsoft LifeCam\MSCamS32.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
  C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
  C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
  O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-20\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\S-1-5-18\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - HKUS\.DEFAULT\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Default user')
  O4 - Global Startup: BTTray.lnk = ?
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {0B9B8EF5-4C98-4D21-A685-45FC12A19592} (CInstallCtrl) - https://secured.payvisionservices.com/GOD/binaries/GODActiveX.ocx
  O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199903969875
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


  End of file - 7219 bytes
 • Download van deze pagina: http://www.billsway.com/vbspage/
  de [b:21b970668b]Registry Search Tool[/b:21b970668b] en pak hem uit op je Bureaublad.

  start het tooltje door RegSrch.vbs te dubbelklikken
  In zoekveld geef je volgende string in: [b:21b970668b]crawler[/b:21b970668b]
  Je register wordt nu doorzocht.
  Als er wat gevonden wordt, dan opent er een wordpad bestand, bewaar dat en plaats dat even hier.

  Succes.
 • Ben inmiddels na een systeem herstel de crawler search kwijt, maar vermoed dat hij wel weer komt.
  Ben er ook bijna zeker van dat hij met agv free meekomt.

  Hieronder even het crawler logje:

  REGEDIT4
  ; RegSrch.vbs © Bill James

  ; Registry search results for string "crawler" 24-3-2008 16:50:24

  ; NOTE: This file will be deleted when you close WordPad.
  ; You must manually save this file to a new location if you want to refer to it again later.
  ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08165EA0-E946-11CF-9C87-00AA005127ED}]
  @="WebCheckWebCrawler"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}]
  @="Network-crawler"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}]
  @="Crawler voor lokale shares en printers"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{49C929EE-A1B7-4C58-B539-E63BE392B6F3}]
  @="INetCrawler"

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData]
  "CrawlerToolbar"=">:>;)@:@)FKPQ>II>QFLK:2)QRFA:S0/>-5–>1@3.21./??2303>?/@24-/066-14-240-.."

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcrawler.com]

  [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcrawler.com]

  [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcrawler.com]

  [HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
  "DisplayName"="Crawler Search"

  [HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
  "URL"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=60327"

  [HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Crawler Toolbar]

  [HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler]

  [HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Printers]

  [HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares]

  [HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcrawler.com]

  [HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crawlermachine.com]

  [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcrawler.com]
 • Lijkt me een beetje raar als hij met AVG zou meekomen als je hem gewoon via de website van Grisoft download.

  Kopieer onderstaande code in de codebox in een leeg kladblok venster:
  [i:3466cd42be](vergeet REGEDIT4 niet mee te kopieeren!) [/i:3466cd42be]

  [code:1:3466cd42be]
  REGEDIT4

  [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08165EA0-E946-11CF-9C87-00AA005127ED}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{49C929EE-A1B7-4C58-B539-E63BE392B6F3}]
  [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcrawler.com]
  [-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcrawler.com]
  [-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcrawler.com]
  [-HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
  "DisplayName"=-
  [HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
  "URL"=-
  [-HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcrawler.com]
  [-HKEY_USERS\S-1-5-21-1644491937-261903793-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crawlermachine.com]
  [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcrawler.com]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
  "Start Page"=http://www.google.nl
  "RunOnceHasShown"=dword:00000001
  "RunOnceComplete"=dword:00000001

  [/code:1:3466cd42be]

  Sla deze op als [b:3466cd42be]fixreg.reg[/b:3466cd42be] en geef als type "[b:3466cd42be]Alle bestanden[/b:3466cd42be]"
  Wanneer je hem hebt opgeslagen ziet het icoontje als volgt eruit:
  [img:3466cd42be]http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif[/img:3466cd42be]

  Dubbelklik vervolgens op [b:3466cd42be]fixreg.reg[/b:3466cd42be].
  Bij de vraag of je de wijzigingen aan het register wil toevoegen zeg [b:3466cd42be]Ja/Ok[/b:3466cd42be]

  Nog problemen?
 • Alles lijkt me weer in orde, bedankt voor de snelle hulp.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.