PUP.Optional.SPointer

SPointer est un programme qui s’installe généralement à votre insu via le téléchargement de logiciels gratuits. Il installe de nombreux programmes (Widestream, Freetvradio, Crazyloader, Pixeasy, Freecompressor, ToneMaker, PlayerSide).

Contents

Caractéristiques :

– Il appartient à une famille de PUP Optionnels (Potentially Unwanted Program).
– Vendeur : PUP.Optional.

Actions principales :

– Il s’installe en tant que processus lancé au démarrage du système (RP),
– Il installe un programme d’extension pour le navigateur Google Chrome (G2),
– Il s’installe en tant de Browser Helper Object de Navigateur internet (O2),
– Il s’installe dans la Base de Registres afin d’être lancé à chaque démarrage du système (O4),
– Il démarre une tâche planifiée en automatique (O39),
– Il s’installe en tant que programme (O42),
– Il crée des clés de Registre « Software » (O43),
– Il s’installe dans le dossier Windows prefetcher (O45),
– Il crée de multiples fichiers utilisateurs (O61),
– Il crée une connexion entrante active dans les exceptions d’application du parefeu Windows (O87)
– Il crée des clés registre Installer (O90),
– Il place un fichier de package MSI dans le dossier système Installer (O93)

Aperçu ZHPDiag:

—\\ Processus lancés
[MD5.01B96DBED54E0518A3449C001EBEEDEE] – (.Widestream6 – Interest Recognizer for Widestream6.) — C:\Program Files\Widestream6\spointer\widestream6_air.exe [1281696] [MD5.B2E8C475FEE3ADA1120DE48010F41C27] – (.Freetvradio – Interest Recognizer for Freetvradio.) — C:\Program Files\freeTVRadio\spointer\freetvradio_air.exe [1281696]

—\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G2 – GCE: Preference [User Data\Default] [Random] Interest Recognizer for {VariousName} (Activé )
G2 – GCE: Preference [User Data\Default] [bdcfkjjffkboloijgealjeijakofmalg] Interest Recognizer for Freecompressor v.3.1.1489.132 (Activé )
G2 – GCE: Preference [User Data\Default] [kngejcchcedjdemdaeneneeahmjnpaec] Interest Recognizer for Moovida v.3.4.1545.153 (Activé )
G2 – GCE: Preference [User Data\Default] [fikmanfpkongnopggnndbikhhicdpfka] Interest Recognizer for Crazyloader v.3.4.1545.153 (Activé )
G2 – GCE: Preference [User Data\Default] [oohnlejpdjjmpndgdpcicjiajhmgeoma] Interest Recognizer for Freetvradio v.3.4.1545.153 (Activé )

—\\ Browser Helper Objects de navigateur (O2)
O2 – BHO: Interest recogniser for {RandomName} (powered by Spointer) – {RandomCLSID} . (.{RandomName} – Interest Recognizer for {RandomName}.) — C:\Program Files\{RandomName}\{RandomName}\spointer\extensions\{RandomName}_air_ie.dll
O2 – BHO: Interest recogniser for Freecompressor (powered by Spointer) – {a83c3565-302c-4bf8-b000-6b6f1811d892} . (.Freecompressor – Interest Recognizer for Freecompressor.) — C:\Program Files (x86)\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll
O2 – BHO: Interest recogniser for Crazyloader (powered by Spointer) – {C5F65718-341D-4e7d-9842-FCB9CC89527E} . (.CrazyLoader – Interest Recognizer for CrazyLoader.) — C:\Program Files\CrazyLoader\spointer\extensions\crazyloader_air_ie.dll
O2 – BHO: Interest recogniser for Widestream6 (powered by Spointer) – {2BEFBCCE-46A6-4950-BCB5-7062EAC6C9C9} . (.Widestream6 – Interest Recognizer for Widestream6.) — C:\Program Files\Widestream6\spointer\extensions\widestream6_air_ie.dll
O2 – BHO: Interest recogniser for Freetvradio (powered by Spointer) – {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} . (.Freetvradio – Interest Recognizer for Freetvradio.) — C:\Program Files\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
O2 – BHO: Interest recogniser for Moovida (powered by Spointer) – {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} . (.Moovida – Interest Recognizer for Moovida.) — C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll
O2 – BHO: Interest recogniser for Bubbledock (powered by Spointer) – {3EC1196B-6239-477c-8F2A-5331B4CBFC3B} . (.Bubbledock – Interest Recognizer for Bubbledock.) — C:\Program Files\Nosibay\Bubble Dock\spointer\extensions\bubbledock_air_ie.dll
O2 – BHO: Interest recogniser for Widestream6 (powered by Spointer) – {1a6dc111-b030-4c3e-be65-299284128b91} – (no file)
O2 – BHO: Interest recogniser for Pixeasy (powered by Spointer) [64Bits] – {838b9725-b6d4-49d7-83a1-2f427efc4d42} . (.Pixeasy – Interest Recognizer for Pixeasy.) — C:\Program Files (x86)\PixEasy\spointer\extensions\pixeasy_air_ie.dll

—\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task] (…) — C:\Program Files\Nosibay\Livesticker\LLivesticker.exe

—\\ Logiciels installés (O42)
O42 – Logiciel: Moovida – (.Secure Digital Services.) [HKLM] — {6084C211-01A1-464E-97A0-09772E122B50}
O42 – Logiciel: Widestream6 – (.Secure Digital Services.) [HKLM] — {835525BE-63BD-4EC4-9425-00CEAD4849C2}
O42 – Logiciel: ToneMaker – (.Secure Digital Services.) [HKLM] — {9770FACD-C79A-499F-84C3-88F033197402}

—\\ HKCU & HKLM Software Keys
[HKCU\Software\Crazyloader] [HKCU\Software\FreeCompressor] [HKCU\Software\Freetvradio] [HKCU\Software\Moovida] [HKLM\Software\BrightBreeze] [HKCU\Software\BrightBreezeSA] [HKCU\Software\tonemaker] [HKLM\Software\tonemaker]

—\\ Contenu des dossiers Program Files (O43)
O43 – CFD: 14/12/2010 – 16:54:14 —-D- C:\Users\Coolman\AppData\Roaming\freeTVRadio
O43 – CFD: 12/02/2011 – 11:47:12 – [20331] —-D- C:\Documents and Settings\Coolman\Local Settings\Application Data\crazyloader Air
O43 – CFD: 01/12/2010 – 16:07:04 – [17,975] —-D C:\Program Files\ToneMaker
O43 – CFD: 01/12/2010 – 16:14:05 – [0,001] —-D C:\Documents and Settings\Coolman\Application Data\tonemaker

—\\ Derniers fichiers créés par Windows Prefetcher (O45)
O45 – LFCP:[MD5.A5A80F2A7327A9545C9E5D57521DE6BE] – 26/06/2013 – 12:49:53 —A- – C:\Windows\Prefetch\PIXEASY_AIR.EXE-3C8C2E06.pf

—\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 25/06/2013 – 15:54:52 —A- C:\Users\philippe\AppData\Local\pixeasy Air\update.sxe [1225] O61 – LFC: 25/06/2013 – 15:54:52 —A- C:\Users\philippe\AppData\Local\pixeasy Air\update.xml [425] O61 – LFC: 26/06/2013 – 12:49:43 —A- C:\Users\philippe\AppData\Local\pixeasy Air\cid.txt [16] O61 – LFC: 26/06/2013 – 12:54:47 —A- C:\Users\philippe\AppData\Local\pixeasy Air\history.db [159744]

—\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.89A8CDFD4A3F17F050C47F8B66A92525] [SPRF] (.Secure Digital Services – FreeTvRadio.) — C:\Users\Coolman\AppData\Local\Temp\freeTVRadio_update.exe [1046832]

—\\ Firewall Active Exception List (FirewallRules) (O87)
O87 – FAEL: « TCP Query User{468706D2-FAD1-4BC4-B34E-A8BBE879834E}C:\program files (x86)\freetvradio\freetvradio.exe » |In – Private – TRUE | .(…) — C:\program files (x86)\freetvradio\freetvradio.exe
O87 – FAEL: « UDP Query User{1AC12F2D-4FF7-4001-9A19-E18F5CB9324C}C:\program files (x86)\freetvradio\freetvradio.exe » |In – Private – TRUE | .(…) — C:\program files (x86)\freetvradio\freetvradio.exe

—\\ Scan Additionnel (O88 )
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrightBreezeSA] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6084C211-01A1-464E-97A0-09772E122B50}] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{835525BE-63BD-4EC4-9425-00CEAD4849C2}] [HKLM\SOFTWARE\Classes\Installer\Features\EB525538DB364CE4495200ECDA84942C] [HKLM\SOFTWARE\Classes\Installer\Products\EB525538DB364CE4495200ECDA84942C] [HKCU\Software\Crazyloader] [HKCU\Software\FreeCompressor] [HKCU\Software\Freetvradio] [HKCU\Software\Moovida] [HKCU\Software\JavaSoft\Prefs\crazyloader] [HKLM\Software\BrightBreeze] [HKCU\Software\BrightBreezeSA] HKCU\Software\JavaSoft\Prefs\crazyloader
C:\Users\Coolman\AppData\Roaming\Crazyloader
C:\Program Files\Fluendo\Moovida\spointer
C:\program files (x86)\freetvradio
C:\Documents and Settings\Coolman\Local Settings\Application Data\crazyloader Air
C:\Program Files\BrightBreeze
C:\Program Files\Widestream6
C:\Program Files\Crazyloader\spointer

—\\ Product Upgrade Codes (O90)
O90 – PUC: « 112C48061A10E464790A9077E221B205 » . (.Moovida.) — C:\Windows\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\ARPPRODUCTICON.exe
O90 – PUC: « 02639FE151B44BD40BAE88E9F2810718 » . (.FreeCompressor.) — C:\Windows\Installer\{1EF93620-4B15-4DB4-B0EA-889E2F187081}\ARPPRODUCTICON.exe

—\\ Windows Installer Scan (NTFS)(O93)
[MD5.8AF5195348AD7D6EE381EDC9D2B81871] [WIS][12/12/2010] (.Secure Digital Services – Moovida.) — C:\Windows\Installer\6e2304a.msi [2275840] [MD5.669E5C5BF9D7E9B2C1A210089B712C29] [WIS][01/12/2010] (.Secure Digital Services – PlayerSide.) — C:\Windows\Installer\8251e3.msi [2785792] [MD5.51CD0940D7397F8EDC45C6D2B1F950E6] [WIS][01/12/2010] (.Secure Digital Services – ToneMaker.) — C:\Windows\Installer\8251e7.msi [2719744] [MD5.ECEFB4ED037000D534219C26C1908DCD] [WIS][01/12/2010] (.Secure Digital Services – FreeCompressor.) — C:\Windows\Installer\825208.msi [2488320]

Supprimer (Remove) :

– Supprimer l’extension «  » de tous les navigateurs installés,
– Supprimer le plugin «  » de tous les navigateurs installés,
– Supprimer le logiciel « Moovida » via le panneau de configuration Windows,
– Supprimer le logiciel « Widestream » via le panneau de configuration Windows,
– Supprimer le logiciel « ToneMaker » via le panneau de configuration Windows,
– Modifier les pages de recherche et de démarrage de tous les navigateurs installés,
– Vider le cache des navigateurs
Nettoyer avec ZHPCleaner

Rate this post
Retour en haut