DoubleD is a program that usually installs itself without your knowledge when you download free software.
– It collects your browsing habits and sends them to a remote server (tracking).
– It adds other programs such as Gameztar Toolbar, QuestService or winpwn.

Characteristics:

– It belongs to the family of optional PUPs (Potentially Unwanted Programs).
– Vendor: PUP.Optional.

Main actions:

– It installs itself as a process launched at system startup (RP),
– It installs itself as a web browser Browser Helper Object (O2),
– It installs itself as a web browser toolbar (O3),
– It installs itself as a service so that it is launched at every system startup (O23), (SR),
– It installs itself as a program (O42),
– It creates “Software” registry keys (O43),
– It creates a Legacy key in the registry pointing to a malware service (O64),
– It creates registry keys and values (O88),

ZHPDiag overview:

—\\ Processus lancés

[MD5.AE64D0E068072A18A489AFE3E1BF0918] – (…) — C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe [61712]
[MD5.AE64D0E068072A18A489AFE3E1BF0918] – (…) — C:\Program Files\QuestService\questservice.exe [61712]

—\\ Browser Helper Objects de navigateur (O2)
O2 – BHO: Automated Content Enhancer – {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} . (.. – ACE Helper Class.) — C:\Program Files\Automated Content Enhancer\4.1.0.5240\ACEIEAddOn.dll
O2 – BHO: Customized Platform Advancer – {42C7C39F-3128-4a17-BDB7-91C46032B5B9} . (.. – Customized Platform Advancer.) — C:\Program Files\Customized Platform Advancer\4.1.0.1800\CPAIEAddOn.dll
O2 – BHO: Content Management Wizard – {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} . (…) — C:\Program Files\Content Management Wizard\1.1.0.1880\CMWIE.dll
O2 – BHO: Textual Content Provider – {CAC89FF9-34A9-4431-8CFE-292A47F843BC} . (…) — C:\Program Files\Textual Content Provider\1.1.0.1710\TCPIE.dll
O2 – BHO: Web Search Operator – {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} . (…) — C:\Program Files\Web Search Operator\4.1.0.1880\wso.dll

—\\ Internet Explorer toolbars (O3)
O3 – Toolbar: Gameztar Toolbar – {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} . (…) — C:\Program Files\Gameztar Toolbar\2.1.2.6090\mvb0.dll

—\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: (QuestService Service) . (…) – C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe

—\\ Logiciels installés (O42)
O42 – Logiciel: Gameztar Toolbar – (.Interactive Internet Software Sdn Bhd.) [HKLM] — Gameztar Toolbar
O42 – Logiciel: Gameztar Toolbar – (.Interactive Internet Software Sdn Bhd.) [HKLM] — {95F19350-A3A2-491B-A404-54BDD34DB49D}
O42 – Logiciel: QuestService 1.0 build 179 – (…) [HKLM] — QuestService
O42 – Logiciel: winpwn 2.0.0.3 – (.cmw.) [HKLM] — winpwn

—\\ HKCU & HKLM Software Keys
[HKCU\Software\Automated Content Enhancer]
[HKCU\Software\Customized Platform Advancer]
[HKCU\Software\Gameztar Toolbar]
[HKCU\Software\Media Access Startup]
[HKCU\Software\Web Search Operator]
[HKLM\Software\Automated Content Enhancer]
[HKLM\Software\Customized Platform Advancer]
[HKLM\Software\Media Access Startup]
[HKLM\Software\Web Search Operator]
[HKCU\Software\cmw]

—\\ Contenu des dossiers Program Files (O43)
O43 – CFD: 09/12/2009 – 17:51:32 —-D- C:\Program Files\Automated Content Enhancer
O43 – CFD: 09/12/2009 – 17:52:04 —-D- C:\Program Files\Content Management Wizard
O43 – CFD: 09/12/2009 – 17:51:40 —-D- C:\Program Files\Customized Platform Advancer
O43 – CFD: 09/12/2009 – 17:51:06 —-D- C:\Program Files\Gameztar Toolbar
O43 – CFD: 09/12/2009 – 17:51:50 —-D- C:\Program Files\Internet Today
O43 – CFD: 10/11/2010 – 20:41:12 —-D- C:\Program Files\QuestService
O43 – CFD: 09/12/2009 – 17:55:46 —-D- C:\Program Files\Textual Content Provider
O43 – CFD: 09/12/2009 – 17:51:26 —-D- C:\Program Files\Web Search Operator
O43 – CFD: 10/06/2011 – 18:34:42 – [0,003] —-D- C:\Users\Coolman\AppData\Roaming\cmw

—\\ Liste des services Legacy (LALS) (O64)
O64 – Services: CurCS – « C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe (.not file.) – QuestService Service (QuestService Service) .(…) – LEGACY_QUESTSERVICE_SERVICE

—\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 08/11/2010 61712 | « C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe (QuestService Service) . (…) – C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe

—\\ Scan Additionnel (O88)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}]
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gameztar Toolbar]
[HKLM\SYSTEM\CurrentControlSet\Services\QuestService Service]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSERVICE_SERVICE]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95F19350-A3A2-491B-A404-54BDD34DB49D}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\QuestService]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\winpwn]
[HKCU\Software\Automated Content Enhancer]
[HKCU\Software\Customized Platform Advancer]
[HKCU\Software\Gameztar Toolbar]
[HKCU\Software\Media Access Startup]
[HKCU\Software\Web Search Operator]
[HKLM\Software\Automated Content Enhancer]
[HKLM\Software\Customized Platform Advancer]
[HKLM\Software\Media Access Startup]
[HKLM\Software\Web Search Operator]
[HKCU\Software\CMW]
C:\Program Files\Web Search Operator
C:\Program Files\Textual Content Provider
C:\Program Files\QuestService
C:\Program Files\Internet Today
C:\Program Files\Gameztar Toolbar
C:\Program Files\Customized Platform Advancer
C:\Program Files\Content Management Wizard
C:\Program Files\Automated Content Enhancer
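The "Main actions" list and the ZHPDiag overview above are what an analyst actually works from when triaging a report: the O2/O3/O23/O42 lines carry a component name, often a CLSID, and a binary path. The following script is an added example (not code from ZHPDiag, ZHPCleaner or this page's author) that parses those line types and flags entries matching the DoubleD indicators listed on this page. The CLSIDs and component names are copied from the excerpt above; the "Example Benign Helper" line in the sample report is constructed, with a placeholder all-zero CLSID, to show that unrelated entries are left unflagged. RP, O43, O64, O88 and SR lines are deliberately ignored here.

```python
"""Triage ZHPDiag O2/O3/O23/O42 lines against the DoubleD indicators on this page.
Added example; not part of ZHPDiag or ZHPCleaner."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Indicators copied from the ZHPDiag excerpt on this page (upper-cased CLSIDs).
DOUBLED_CLSIDS = {
    "{1D74E9DD-8987-448B-B2CB-67FFF2B8A932}",  # Automated Content Enhancer (O2)
    "{42C7C39F-3128-4A17-BDB7-91C46032B5B9}",  # Customized Platform Advancer (O2)
    "{B72681C0-A222-4B21-A0E2-53A5A5CA3D41}",  # Content Management Wizard (O2)
    "{CAC89FF9-34A9-4431-8CFE-292A47F843BC}",  # Textual Content Provider (O2)
    "{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431}",  # Web Search Operator (O2)
    "{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2}",  # Gameztar Toolbar (O3)
}
DOUBLED_NAMES = {
    "automated content enhancer", "customized platform advancer",
    "content management wizard", "textual content provider",
    "web search operator", "gameztar toolbar", "questservice", "winpwn",
}

@dataclass
class Entry:
    code: str                 # ZHPDiag section code, e.g. "O2"
    kind: str                 # BHO, Toolbar, Service or Logiciel
    name: str
    clsid: Optional[str]
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)  # empty means not flagged

# ZHPDiag separates fields with en/em dashes; a plain hyphen is accepted for re-typed logs.
LINE_RE = re.compile(r"^(O\d+)\s*[–—-]\s*(BHO|Toolbar|Service|Logiciel):\s*(.*)$")
# Component name: up to the next dash field separator, " ." marker, CLSID or [HKLM] tag.
NAME_RE = re.compile(r"^\(?([^()–—{\[]+?)\)?(?:\s*[–—]|\s+\.|\s*[{\[]|$)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)", re.IGNORECASE)

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a supported ZHPDiag line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.groups()
    n = NAME_RE.match(rest)
    name = n.group(1).strip() if n else rest.strip()
    c = CLSID_RE.search(rest)
    p = PATH_RE.search(rest)
    return Entry(code, kind, name, c.group(0).upper() if c else None,
                 p.group(0) if p else None)

def classify(entry: Entry) -> Entry:
    """Attach a reason for every DoubleD indicator the entry matches."""
    low_name = entry.name.lower()
    if entry.clsid in DOUBLED_CLSIDS:
        entry.reasons.append("known DoubleD CLSID")
    if any(k in low_name for k in DOUBLED_NAMES):
        entry.reasons.append("known DoubleD component name")
    if entry.path and any(k in entry.path.lower() for k in DOUBLED_NAMES):
        entry.reasons.append("binary under a known DoubleD folder")
    return entry

def scan_report(text: str) -> List[Entry]:
    """Parse every supported line of a ZHPDiag report and classify it."""
    return [classify(e) for e in map(parse_line, text.splitlines()) if e]

def flagged(text: str) -> List[Entry]:
    """Only the entries that matched at least one indicator."""
    return [e for e in scan_report(text) if e.reasons]

# Constructed sample: four lines taken from this page plus one benign line with a
# placeholder CLSID that must not be flagged.
SAMPLE_REPORT = r"""
O2 – BHO: Automated Content Enhancer – {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} . (.. – ACE Helper Class.) — C:\Program Files\Automated Content Enhancer\4.1.0.5240\ACEIEAddOn.dll
O2 – BHO: Example Benign Helper – {00000000-0000-0000-0000-000000000000} . (.Example Corp – Example Helper Class.) — C:\Program Files\Example\example.dll
O3 – Toolbar: Gameztar Toolbar – {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} . (…) — C:\Program Files\Gameztar Toolbar\2.1.2.6090\mvb0.dll
O23 – Service: (QuestService Service) . (…) – C:\Documents and Settings\All Users\Application Data\QuestService\questservice179.exe
O42 – Logiciel: winpwn 2.0.0.3 – (.cmw.) [HKLM] — winpwn
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_REPORT):
        print(f"{e.code} {e.kind}: {e.name} [{', '.join(e.reasons)}]")
        if e.path:
            print(f"    path: {e.path}")
```

Run against a real ZHPDiag report by passing its text to flagged(); each hit lists why it matched, which maps directly onto the removal steps at the end of this page (uninstall entry, toolbar, service). Matching on the CLSID as well as the name matters because the toolbar and BHO display names are easy to change while the COM registrations under Browser Helper Objects and Internet Explorer\Toolbar are what the browser actually loads.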


Links:

www.systemlookup.com
Symantec
www.microsoft.com


Aliases:

Adware:Win32/DoubleD [Microsoft]
GameZtar Toolbar [Sophos]


Removal:

– Uninstall the “Gameztar Toolbar” program via the Windows Control Panel,
– Uninstall the “QuestService” program via the Windows Control Panel,
– Uninstall the “winpwn” program via the Windows Control Panel,
– Reset the search and start pages of all installed browsers,
– Clear the browser caches,
– Clean with ZHPCleaner.