PUP.Optional.DoubleD

DoubleD is a program that usually installs itself without your knowledge, bundled with free software downloads.
– It collects your browsing habits and reports them to a server (tracking).
– It adds other programs such as Gameztar Toolbar, QuestService or winpwn.

Characteristics:

– It belongs to a family of optional PUPs (Potentially Unwanted Programs).
– Vendor: PUP.Optional.

Main actions:

– It installs itself as a process launched at system startup (RP),
– It installs itself as a web browser Browser Helper Object (O2),
– It installs itself as a web browser toolbar (O3),
– It installs itself as a service so that it is launched at every system startup (O23), (SR),
– It installs itself as a program (O42),
– It creates "Software" registry keys (O43),
– It creates a Legacy key in the registry pointing to a malware service (O64),
– It creates registry keys and values (O88),

ZHPDiag overview:

—-\\ Processus lancés
[MD5.AE64D0E068072A18A489AFE3E1BF0918] – (…) — C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe [61712]
[MD5.AE64D0E068072A18A489AFE3E1BF0918] – (…) — C:\Program Files\QuestService\questservice.exe [61712]

—\\ Browser Helper Objects de navigateur (O2)
O2 – BHO: Automated Content Enhancer – {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} . (.. – ACE Helper Class.) — C:\Program Files\Automated Content Enhancer\4.1.0.5240\ACEIEAddOn.dll
O2 – BHO: Customized Platform Advancer – {42C7C39F-3128-4a17-BDB7-91C46032B5B9} . (.. – Customized Platform Advancer.) — C:\Program Files\Customized Platform Advancer\4.1.0.1800\CPAIEAddOn.dll
O2 – BHO: Content Management Wizard – {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} . (…) — C:\Program Files\Content Management Wizard\1.1.0.1880\CMWIE.dll
O2 – BHO: Textual Content Provider – {CAC89FF9-34A9-4431-8CFE-292A47F843BC} . (…) — C:\Program Files\Textual Content Provider\1.1.0.1710\TCPIE.dll
O2 – BHO: Web Search Operator – {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} . (…) — C:\Program Files\Web Search Operator\4.1.0.1880\wso.dll

—\\ Internet Explorer toolbars (O3)
O3 – Toolbar: Gameztar Toolbar – {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} . (…) — C:\Program Files\Gameztar Toolbar\2.1.2.6090\mvb0.dll

—\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: (QuestService Service) . (…) – C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe

—\\ Logiciels installés (O42)
O42 – Logiciel: Gameztar Toolbar – (.Interactive Internet Software Sdn Bhd.) [HKLM] — Gameztar Toolbar
O42 – Logiciel: Gameztar Toolbar – (.Interactive Internet Software Sdn Bhd.) [HKLM] — {95F19350-A3A2-491B-A404-54BDD34DB49D}
O42 – Logiciel: QuestService 1.0 build 179 – (…) [HKLM] — QuestService
O42 – Logiciel: winpwn 2.0.0.3 – (.cmw.) [HKLM] — winpwn

—\\ HKCU & HKLM Software Keys
[HKCU\Software\Automated Content Enhancer]
[HKCU\Software\Customized Platform Advancer]
[HKCU\Software\Gameztar Toolbar]
[HKCU\Software\Media Access Startup]
[HKCU\Software\Web Search Operator]
[HKLM\Software\Automated Content Enhancer]
[HKLM\Software\Customized Platform Advancer]
[HKLM\Software\Media Access Startup]
[HKLM\Software\Web Search Operator]
[HKCU\Software\cmw]

—\\ Contenu des dossiers Program Files (O43)
O43 – CFD: 09/12/2009 – 17:51:32 —-D- C:\Program Files\Automated Content Enhancer
O43 – CFD: 09/12/2009 – 17:52:04 —-D- C:\Program Files\Content Management Wizard
O43 – CFD: 09/12/2009 – 17:51:40 —-D- C:\Program Files\Customized Platform Advancer
O43 – CFD: 09/12/2009 – 17:51:06 —-D- C:\Program Files\Gameztar Toolbar
O43 – CFD: 09/12/2009 – 17:51:50 —-D- C:\Program Files\Internet Today
O43 – CFD: 10/11/2010 – 20:41:12 —-D- C:\Program Files\QuestService
O43 – CFD: 09/12/2009 – 17:55:46 —-D- C:\Program Files\Textual Content Provider
O43 – CFD: 09/12/2009 – 17:51:26 —-D- C:\Program Files\Web Search Operator
O43 – CFD: 10/06/2011 – 18:34:42 – [0,003] —-D- C:\Users\Coolman\AppData\Roaming\cmw

—\\ Liste des services Legacy (LALS) (O64)
O64 – Services: CurCS – “C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe (.not file.) – QuestService Service (QuestService Service) .(…) – LEGACY_QUESTSERVICE_SERVICE

—\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 08/11/2010 61712 | “C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe (QuestService Service) . (…) – C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe

—\\ Scan Additionnel (O88 )
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}]
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gameztar Toolbar]
[HKLM\SYSTEM\CurrentControlSet\Services\QuestService Service]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSERVICE_SERVICE]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95F19350-A3A2-491B-A404-54BDD34DB49D}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\QuestService]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\winpwn]
[HKCU\Software\Automated Content Enhancer]
[HKCU\Software\Customized Platform Advancer]
[HKCU\Software\Gameztar Toolbar]
[HKCU\Software\Media Access Startup]
[HKCU\Software\Web Search Operator]
[HKLM\Software\Automated Content Enhancer]
[HKLM\Software\Customized Platform Advancer]
[HKLM\Software\Media Access Startup]
[HKLM\Software\Web Search Operator]
[HKCU\Software\CMW]
C:\Program Files\Web Search Operator
C:\Program Files\Web Search Operator
C:\Program Files\Textual Content Provider
C:\Program Files\QuestService
C:\Program Files\Internet Today
C:\Program Files\Gameztar Toolbar
C:\Program Files\Customized Platform Advancer
C:\Program Files\Content Management Wizard
C:\Program Files\Automated Content Enhancer

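As an added example (not code from this page or from the ZHPDiag/ZHPCleaner project), the following Python script parses report lines in the format shown above into structured indicators and cross-checks each O2 BHO CLSID against the Browser Helper Objects registry keys listed in the O88 section. The line formats are inferred from the excerpt only; the sample input is a constructed subset of the lines above, with one BHO's registry key deliberately left out so that the cross-check has something to report.

```python
import re

# Constructed sample: a subset of the report lines shown above, kept with the
# "smart" dashes and ellipses the page copy uses so that normalize() is exercised.
SAMPLE_REPORT = r"""
[MD5.AE64D0E068072A18A489AFE3E1BF0918] – (…) — C:\Program Files\QuestService\questservice.exe [61712]
O2 – BHO: Automated Content Enhancer – {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} . (.. – ACE Helper Class.) — C:\Program Files\Automated Content Enhancer\4.1.0.5240\ACEIEAddOn.dll
O2 – BHO: Web Search Operator – {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} . (…) — C:\Program Files\Web Search Operator\4.1.0.1880\wso.dll
O3 – Toolbar: Gameztar Toolbar – {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} . (…) — C:\Program Files\Gameztar Toolbar\2.1.2.6090\mvb0.dll
O23 – Service: (QuestService Service) . (…) – C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe
O42 – Logiciel: winpwn 2.0.0.3 – (.cmw.) [HKLM] — winpwn
O43 – CFD: 10/11/2010 – 20:41:12 —-D- C:\Program Files\QuestService
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}]
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
[HKLM\SYSTEM\CurrentControlSet\Services\QuestService Service]
"""

GUID = r"(\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\})"

# One pattern per ZHPDiag line type seen in the excerpt (formats inferred from it, not from a spec).
PATTERNS = {
    "process":  re.compile(r"^\[MD5\.([0-9A-F]{32})\] - \(.*?\) -- (.+?) \[(\d+)\]$"),
    "bho":      re.compile(r"^O2 - BHO: (.+?) - " + GUID + r" .* -- (.+)$"),
    "toolbar":  re.compile(r"^O3 - Toolbar: (.+?) - " + GUID + r" .* -- (.+)$"),
    "service":  re.compile(r"^O23 - Service: \((.+?)\) .*? - (.+)$"),
    "software": re.compile(r"^O42 - Logiciel: (.+?) - \((.*?)\) \[(HKLM|HKCU)\] -- (.+)$"),
    "folder":   re.compile(r"^O43 - CFD: (\d\d/\d\d/\d{4}) - (\d\d:\d\d:\d\d) .*?D- (.+)$"),
    "regkey":   re.compile(r"^\[(HK(?:LM|CU)\\.+?)\](?::" + GUID + r")?$"),
}


def normalize(line):
    """Map the WordPress punctuation of the page copy back to the ASCII ZHPDiag uses."""
    return (line.replace("\u2014", "--").replace("\u2013", "-")
                .replace("\u2026", "...")).strip()


def parse_report(text):
    """Group every recognised line under its type; unrecognised lines are ignored."""
    report = {kind: [] for kind in PATTERNS}
    for raw in text.splitlines():
        line = normalize(raw)
        for kind, pattern in PATTERNS.items():
            match = pattern.match(line)
            if match:
                report[kind].append(match.groups())
                break
    return report


def unregistered_bhos(report):
    """CLSIDs from O2 lines that have no Browser Helper Objects key among the registry lines."""
    registered = {key.rsplit("\\", 1)[-1].lower()
                  for key, _ in report["regkey"]
                  if "\\browser helper objects\\" in key.lower()}
    return [clsid for _, clsid, _ in report["bho"] if clsid.lower() not in registered]


def indicators(report):
    """Collect the file- and registry-level indicators a defender would search for."""
    paths = ({path for _, path, _ in report["process"]}
             | {path for _, _, path in report["bho"]}
             | {path for _, _, path in report["toolbar"]}
             | {path for _, path in report["service"]})
    return {
        "md5": sorted({md5 for md5, _, _ in report["process"]}),
        "paths": sorted(paths),
        "clsids": sorted({c for _, c, _ in report["bho"]} | {c for _, c, _ in report["toolbar"]}),
        "registry_keys": sorted(key for key, _ in report["regkey"]),
    }


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for name, values in indicators(rep).items():
        print(name, *values, sep="\n  ")
    print("BHOs without a registry entry in this excerpt:", unregistered_bhos(rep))
```

Feeding the whole report above to `parse_report` instead of the subset yields the five BHO CLSIDs, the toolbar CLSID, the one MD5 shared by both QuestService binaries and the uninstall, service and Legacy keys, which is the list the removal steps below have to cover.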
Links:

www.systemlookup.com
Symantec
www.microsoft.com

Aliases:

Adware:Win32/DoubleD [Microsoft]
GameZtar Toolbar [Sophos]

Remove:

– Uninstall the "Gameztar Toolbar" program from the Windows Control Panel,
– Uninstall the "QuestService" program from the Windows Control Panel,
– Uninstall the "winpwn" program from the Windows Control Panel,
– Reset the search and start pages of every installed browser,
– Clear the browser caches,
– Clean with ZHPCleaner.
