PUP.Optional.MyWebSearch

MyWebSearch est un programme publicitaire qui s’installe généralement à votre insu via le téléchargement de logiciels gratuits. L’objectif de ce programme est de gagner de l’argent en générant du trafic Web. Lors de la consultation de certains sites, il propose des bons de réduction sur de multiples produits. Il collecte des renseignements sur vos habitudes de navigations. Recensé le 19/11/2012.

Contents

Caractéristiques :

– Il appartient à une famille de PUP Optionnels (Potentially Unwanted Program).
– Vendeur : PUP.Optional.

Actions principales :

– Il s’installe en tant que processus lancé au démarrage du système (RP),
– Il pirate la page de démarrage du navigateur Google Chrome (G0),
– Il installe un programme d’extension pour le navigateur Google Chrome (G2),
– Il installe un programme d’extension pour le navigateur Mozilla Firefox (M2),
– Il installe un plugin du navigateur Mozilla Firefox (P2),
– Il modifie la page de démarrage du navigateur Internet Explorer (R0),
– Il modifie la page de recherche du navigateur Internet Explorer (R1),
– Il s’installe en tant que BHO (Browser Helper Object) de Navigateur internet (O2),
– Il s’installe en tant que Toolbar de Navigateur internet (O3),
– Il s’installe dans la Base de Registres afin d’être lancé à chaque démarrage du système (O4),
– Il s’installe en tant qu’objet ActiveX (O16),
– Il s’installe en tant que service pour être lancé à chaque démarrage du système (O23),(SS/SR),
– Il s’installe en tant que programme (O42),
– Il crée de multiples clés de Registre « Software »,
– Il crée des dossiers supplémentaires (O43),
– Il s’installe dans le dossier Windows prefetcher (O45),
– Il modifie le fournisseur de recherche Internet (O69),
– Il pollue la base de Registres avec de nombreuses clés et valeurs (O88 ),
– Il crée de multiples fichiers et dossiers (O88 ),

Aperçu ZHPDiag, NCDiag :

—-\\ Processus lancés
[fusion_builder_container hundred_percent= »yes » overflow= »visible »][fusion_builder_row][fusion_builder_column type= »1_1″ background_position= »left top » background_color= » » border_size= » » border_color= » » border_style= »solid » spacing= »yes » background_image= » » background_repeat= »no-repeat » padding= » » margin_top= »0px » margin_bottom= »0px » class= » » id= » » animation_type= » » animation_speed= »0.3″ animation_direction= »left » hide_on_mobile= »no » center_content= »no » min_height= »none »][MD5.9ABBE6F791C0B599A7128C9ACA27C094] – (.MyWebSearch.com – My Web Search Plugin Loader.) — C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.exe [32838] [PID.2536] [MD5.DF061B31884C94010C67F04E8182B91D] – (.MyWebSearch.com – MyWebSearch SearchScope Monitor.) — C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.exe [24688] [PID.3708] [MD5.319F6520EEACE462C0FBFEB6AB400332] – (.MyWebSearch.com – My Web Search Bar.) — C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.exe [28762] [PID.] [MD5.FB85F333D10B1475650C4304F99A1ECE] – (.MindSpark – MindSpark Toolbar Platform SearchScope Moni.) — C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe [44784] [PID.11904] [MD5.35D6CAAA9E4D82974A74DBDB53801F98] – (.VER_COMPANY_NAME – VER_DESCRIPTION.) — C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe [30096] [PID.12232] [MD5.7EDAFAC1518DA60B6DA06D68AFFDA75F] – (…) — C:\Program Files\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe [1292432] [PID.4740]

—\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G0 – GCSP: Preference [User Data\Default][HomePage] https://mysearch.avg.com
G0 – GCSP: Preference [User Data\Default] https://mysearch.avg.com
G0 – GCSP: Preference [User Data\Default] https://start.mysearchdial.com
G1 – GCS: Preference [User Data\Default] https://mysearch.avg.com
G2 – GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] Nouvel onglet v.9.2 (Désactivé )
G2 – GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.1.1 (Désactivé )

—\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 – MFEP: prefs.js [Coolman – ydt06024.default\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] [] MySearchDial v7.0 (..)
M2 – MFEP: prefs.js [Coolman – ydt06024.default\8hffxtbr@Allin1Convert_8h.com] [] Allin1Convert v2.73.1.44173 (..)

—\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://start.mysearchdial.com
R0 – HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://start.mysearchdial.com
R1 – HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = https://start.mysearchdial.com

—\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 – FPN: [HKLM] [@funwebproducts.com/Plugin] – (…) — C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll
P2 – FPN: [HKLM] [@Allin1Convert_8h.com/Plugin] – (.MindSpark – MindSpark Toolbar Platform Plugin Stub for 32-bit Windows.) — C:\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll

—\\ Browser Helper Objects de navigateur (O2)
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1-072E-44cf-8957-5838F569A31D} . (…) — C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 – BHO: mwsBar BHO – {07B18EA1-A523-4961-B6BB-170DE4475CCA} . (…) — C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 – BHO: Search Assistant BHO – {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} . (.MindSpark – MindSpark Search Assistant.) — C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll

—\\ Internet Explorer Toolbars (O3)
O3 – Toolbar: My Web Search – {07B18EA9-A523-4961-B6BB-170DE4475CCA} . (…) — C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 – Toolbar: Allin1Convert – [HKLM]{cd1a63ba-a08c-431b-9a34-f240aadc728d} . (.MindSpark – MindSpark Toolbar Platform.) — C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll

—\\ Applications démarrées par registre & par dossier (O4)
O4 – HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\Program Files\MYWEBS~1\bar\2.bin\M3PLUGIN.dll
O4 – HKLM\..\Run: [MyWebSearch Email Plugin] . (.MyWebSearch.com – My Web Search Plugin Loader.) — C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.exe
O4 – HKLM\..\Run: [My Web Search Bar Search Scope Monitor] . (.MyWebSearch.com – MyWebSearch SearchScope Monitor.) — C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.exe
O4 – HKCU\..\Run: [MyWebSearch Email Plugin] . (.MyWebSearch.com – My Web Search Plugin Loader.) — C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.exe
O4 – HKUS\S-1-5-18\..\Run: [MyWebSearch Email Plugin] C:\Program Files\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 – HKUS\S-1-5-18\..\Run: [MyWebSearch Email Plugin] C:\Program Files\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 – HKUS\S-1-5-21-3060248500-3899092965-2758593988-1000\..\Run: [MyWebSearch Email Plugin] . (.MyWebSearch.com – My Web Search Plugin Loader.) — C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.exe
O4 – HKLM\..\Run: [Allin1Convert Search Scope Monitor] . (.MindSpark – MindSpark Toolbar Platform SearchScope Moni.) — C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe
O4 – HKLM\..\Run: [Allin1Convert_8h Browser Plugin Loader] . (.VER_COMPANY_NAME – VER_DESCRIPTION.) — C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe

—\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 – DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) – https://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab

—\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: My Web Search Service (MyWebSearchService) . (.MyWebSearch.com – My Web Search Bar.) – C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.exe

—\\ Logiciels installés (O42)
O42 – Logiciel: My Web Search – (.My Web Search.) [HKLM] — MyWebSearch bar Uninstall

—\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Fun Web Products] [HKCU\Software\AppDataLow\Software\FunWebProducts] [HKCU\Software\AppDataLow\Software\MyWebSearch] [HKCU\Software\MyWebSearch] [HKLM\Software\FocusInteractive] [HKLM\Software\Fun Web Products] [HKLM\Software\FunWebProducts] [HKLM\Software\MyWebSearch] [HKCU\Software\mysearchdial]

—\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 1/12/2008 – 18:17:35 – [0] —-D C:\Program Files\FunWebProducts
O43 – CFD: 30/11/2008 – 17:57:04 – [5,107] —-D C:\Program Files\MyWebSearch

—\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.DB74086208E89D3DC97B6ADD9EB0DB1F] – 30/05/2013 – 15:00:18 —A- – C:\Windows\Prefetch\MYSEARCHDIALSRV.EXE-58CB3091.pf
O45 – LFCP:[MD5.D80570D3DA295225C644BC6885209E40] – 30/05/2013 – 15:00:18 —A- – C:\Windows\Prefetch\MYSEARCHDIALTB.EXE-CEFB3D6F.pf
O45 – LFCP:[MD5.CA5E830F53ECA96818FC2545523F1B3C] – 30/05/2013 – 15:00:19 —A- – C:\Windows\Prefetch\SPEEDDIAL_7.0_MYSEARCHDIAL.EX-E406CA27.pf
O45 – LFCP:[MD5.19696A68350A4B95FBF1C8EBBBC76169] – 28/10/2013 – 14:59:44 —A- – C:\Windows\Prefetch\MYSEARCHDIAL.EXE-304FF389.pf
O45 – LFCP:[MD5.C2B30B932929C5108C248C71BF46A431] – 28/10/2013 – 19:55:20 —A- – C:\Windows\Prefetch\MYSEARCHDIALSRV.EXE-ADF8ADFE.pf

—\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 19/05/2013 – 05:54:49 —A- C:\Users\Coolman\AppData\Roaming\mysearchdial\icons_2.2.1.618\magnifying.ico [32038] O61 – LFC: 19/05/2013 – 05:54:50 —A- C:\Users\Coolman\AppData\Local\mysearchdial.crx [572439] O61 – LFC: 19/05/2013 – 05:54:57 —A- C:\Users\Coolman\AppData\Roaming\mysearchdial\icons_2.2.1.618\star2.ico [32038] O61 – LFC: 19/05/2013 – 05:55:25 —A- C:\Users\Coolman\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [118272] O61 – LFC: 19/05/2013 – 05:55:26 —A- C:\Users\Coolman\AppData\Roaming\mysearchdial\UpdateProc\config.dat [73] O61 – LFC: 27/06/2013 – 22:07:23 —A- C:\Documents and Settings\Coolman\Application Data\Allin1Convert_8h\b0981697533a5cd3bdf6a6a7e459354869aac2bb\1.0.2\SignedExtension.cab [330662] O61 – LFC: 27/06/2013 – 22:07:25 —A- C:\Documents and Settings\Coolman\Application Data\Allin1Convert_8h\685902e9e41f55407510e329211a1ea9170d5637\1.0.1\SignedExtension.cab [209568]

—\\ Search Browser Infection (O69)
O69 – SBI: SearchScopes [HKCU] {56256A51-B582-467e-B8D4-7786EDA79AE0} [DefaultScope] – (My Web Search) – https://www.mywebsearch.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Mysearchdial) – https://start.mysearchdial.com

—\\ Scan Additionnel (O88 )
[HKLM\Software\Microsoft\Internet Explorer\low rights\rundll32policy\f3scrctr.dll] [HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss] [HKLM\Software\microsoft\office\outlook\addins\mywebsearch.outlookaddin] [HKLM\Software\microsoft\office\word\addins\mywebsearch.outlookaddin] [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall] [HKLM\Software\Classes\funwebproducts.datacontrol] [HKLM\Software\Classes\funwebproducts.datacontrol.1] [HKLM\Software\Classes\funwebproducts.historykillerscheduler] [HKLM\Software\Classes\funwebproducts.historykillerscheduler.1] [HKLM\Software\Classes\funwebproducts.historyswattercontrolbar] [HKLM\Software\Classes\funwebproducts.historyswattercontrolbar.1] [HKLM\Software\Classes\funwebproducts.htmlmenu] [HKLM\Software\Classes\funwebproducts.htmlmenu.1] [HKLM\Software\Classes\funwebproducts.htmlmenu.2] [HKLM\Software\Classes\funwebproducts.iecookiesmanager] [HKLM\Software\Classes\funwebproducts.iecookiesmanager.1] [HKLM\Software\Classes\funwebproducts.killerobjmanager] [HKLM\Software\Classes\funwebproducts.killerobjmanager.1] [HKLM\Software\Classes\funwebproducts.popswatterbarbutton] [HKLM\Software\Classes\funwebproducts.popswatterbarbutton.1] [HKLM\Software\Classes\funwebproducts.popswattersettingscontrol] [HKLM\Software\Classes\funwebproducts.popswattersettingscontrol.1] [HKLM\Software\Classes\mywebsearch.chatsessionplugin] [HKLM\Software\Classes\mywebsearch.chatsessionplugin.1] [HKLM\Software\Classes\mywebsearch.htmlpanel] [HKLM\Software\Classes\mywebsearch.htmlpanel.1] [HKLM\Software\Classes\mywebsearch.outlookaddin] [HKLM\Software\Classes\mywebsearch.outlookaddin.1] [HKLM\Software\Classes\mywebsearch.pseudotransparentplugin] [HKLM\Software\Classes\mywebsearch.pseudotransparentplugin.1] [HKLM\Software\Classes\mywebsearchtoolbar.settingsplugin] [HKLM\Software\Classes\mywebsearchtoolbar.settingsplugin.1] [HKLM\Software\Classes\mywebsearchtoolbar.toolbarplugin] [HKLM\Software\Classes\mywebsearchtoolbar.toolbarplugin.1] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}] [HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D}] [HKLM\Software\Classes\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d}] [HKLM\Software\Classes\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca}] [HKLM\Software\Classes\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}] [HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}] [HKLM\Software\Classes\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca}] [HKLM\Software\Classes\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca}] [HKLM\Software\Classes\Interface\{07b18eac-a523-4961-b6bb-170de4475cca}] [HKLM\Software\Classes\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a}] [HKLM\Software\Classes\Interface\{1093995a-ba37-41d2-836e-091067c4ad17}] [HKLM\Software\Classes\Interface\{120927bf-1700-43bc-810f-fab92549b390}] [HKLM\Software\Classes\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] [HKLM\Software\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] [HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] [HKLM\Software\Classes\Interface\{1f52a5fa-a705-4415-b975-88503b291728}] [HKLM\Software\Classes\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a}] [HKLM\Software\Classes\CLSID\{25560540-9571-4d7b-9389-0f166788785a}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}] [HKLM\Software\Classes\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554}] [HKLM\Software\Classes\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc}] [HKLM\Software\Classes\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}] [HKLM\Software\Classes\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495}] [HKLM\Software\Classes\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82}] [HKLM\Software\Classes\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906}] [HKLM\Software\Classes\Interface\{3e720451-b472-4954-b7aa-33069eb53906}] [HKLM\Software\Classes\CLSID\{3e720452-b472-4954-b7aa-33069eb53906}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906}] [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481}] [HKLM\Software\Classes\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c}] [HKLM\Software\Classes\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}] [HKLM\Software\Classes\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c}] [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}] [HKLM\Software\Classes\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca}] [HKLM\Software\Classes\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a}] [HKLM\Software\Classes\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}] [HKLM\Software\Classes\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9}] [HKLM\Software\Classes\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9}] [HKLM\Software\Classes\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9}] [HKLM\Software\Classes\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}] [HKLM\Software\Classes\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9}] [HKLM\Software\Classes\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9}] [HKLM\Software\Classes\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c}] [HKLM\Software\Classes\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14}] [HKLM\Software\Classes\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8}] [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907}] [HKLM\Software\Classes\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}] [HKLM\Software\Classes\Interface\{991aac62-b100-47ce-8b75-253965244f69}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df}] [HKLM\Software\Classes\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}] [HKLM\Software\Classes\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc}] [HKLM\Software\Classes\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d}] [HKLM\Software\Classes\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144}] [HKLM\Software\Classes\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe}] [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127}] [HKLM\Software\Classes\TypeLib\{d518921a-4a03-425e-9873-b9a71756821e}] [HKLM\Software\Classes\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1}] [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7}] [HKLM\Software\Classes\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477}] [HKLM\Software\Classes\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e}] [HKLM\Software\Classes\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f}] [HKLM\Software\Classes\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d}] [HKLM\Software\Classes\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612}] [HKLM\Software\Classes\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}] [HKLM\Software\Classes\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612}] [HKLM\Software\Classes\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8}] [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da}] [HKLM\Software\Classes\TypeLib\{f42228fb-e84e-479e-b922-fbbd096e792c}] [HKLM\Software\Classes\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978}] [HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService] [HKLM\Software\focusinteractive] [HKCU\Software\AppDataLow\Software\Fun Web Products] [HKLM\Software\Fun Web Products] [HKCU\Software\AppDataLow\Software\FunWebProducts] [HKLM\Software\FunWebProducts] [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall] [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{07b18ea9-a523-4961-b6bb-170de4475cca}
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{07b18ea9-a523-4961-b6bb-170de4475cca}
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:My Web Search Bar Search Scope Monitor
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:MyWebSearch Email Plugin
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:MyWebSearch Email Plugin
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}] [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Users\Coolman\AppData\LocalLow\FunWebProducts
C:\Users\Coolman\AppData\LocalLow\MyWebSearch
C:\Program Files\Allin1Convert_8h
[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] [HKLM\Software\Classes\esrv.mysearchdialESrvc] [HKLM\Software\Classes\esrv.mysearchdialESrvc.1] C:\Documents and Settings\Coolman\Application Data\mysearchdial
C:\Documents and Settings\Coolman\Application Data\Mozilla\Firefox\Profiles\eohpixzt.default\Extension\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

—\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 19/05/2009 28762 | (MyWebSearchService) . (.MyWebSearch.com.) – C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.exe

Alias :

Win32/Toolbar.MyWebSearch
PUP.MyWebSearch

 

Liens :

malwaretips.com/blogs
CCM, Supprimer MyWebSearch / FunWeb
How to remove MyWebSearch adware

 

Supprimer (Remove) :

– Supprimer l’extension « My Web Search » de tous les navigateurs installés,
– Supprimer le plugin « My Web Search » de tous les navigateurs installés,
– Supprimer le logiciel « My Web Search » via le panneau de configuration Windows,
– Modifier les pages de recherche et de démarrage de tous les navigateurs installés,
– Vider le cache des navigateurs
Nettoyer avec ZHPCleaner

3/5 - (1 vote)
Retour en haut