PUP.Optional.SaveSense

SaveSense is a program that is usually installed without your knowledge when you download free software.
– It collects your browsing habits and sends them to a server (tracking).
– It promotes its products (advertising) and boosts the ranking of sponsored sites.

Characteristics:

– It belongs to a family of optional PUPs (Potentially Unwanted Programs).
– Vendor: PUP.Optional.

Main actions:

– It installs itself as a web browser BHO (Browser Helper Object) (O2),
– It installs itself as a service so that it is launched at every system startup (O23), (SS/SR),
– It starts an automatic scheduled task (O39),
– It installs itself as a program (O42),
– It creates multiple “Software” Registry keys,
– It creates additional folders (O43).

ZHPDiag preview:

—-\\ Browser Helper Objects de navigateur (O2)
O2 – BHO: SaveSense [64Bits] – {0F21B1E5-5AFC-43C9-9C66-515046E92EC2} . (.SaveSense – SaveSense for IE.) — C:\Program Files (x86)\SaveSense\SaveSenseIE.dll

—\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: SaveSenseLive Service (savesenselive) (savesenselive) . (.SaveSense – SaveSenseLive Update.) – C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 – Service: SaveSenseLive Service (savesenselivem) (savesenselivem) . (.SaveSense – SaveSenseLive Update.) – C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe

—\\ Tâches planifiées en automatique (O39)
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job [938]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job [942]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\SaveSense.job [292]
[MD5.6F2939B1EC17A6631106CFD013A9CD77] [APT] [SaveSense] (…) — C:\Users\Coolman\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe [199176]
[MD5.C495D8665A32539660625182D23D5C59] [APT] [SaveSenseLiveUpdateTaskMachineCore] (.SaveSense.) — C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920]
[MD5.C495D8665A32539660625182D23D5C59] [APT] [SaveSenseLiveUpdateTaskMachineUA] (.SaveSense.) — C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920]

—\\ Logiciels installés (O42)
O42 – Logiciel: SaveSense (remove only) – (.SaveSense.) [HKLM][64Bits] — SaveSense
O42 – Logiciel: SaveSense – (…) [HKCU][64Bits] — SaveSense

—\\ HKCU & HKLM Software Keys
[HKCU\Software\SaveSenseLive]
[HKLM\Software\Wow6432Node\SaveSenseLive]

—\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 19/11/2013 – 20:51:33 – [1,262] —-D C:\Program Files (x86)\SaveSense
O43 – CFD: 19/11/2013 – 20:51:46 – [3,431] —-D C:\Program Files (x86)\SaveSenseLive
O43 – CFD: 19/11/2013 – 20:51:46 – [0,143] —-D C:\ProgramData\SaveSenseLive
O43 – CFD: 19/11/2013 – 20:51:44 – [0,190] —-D C:\Users\Coolman\AppData\Roaming\SaveSense
O43 – CFD: 19/11/2013 – 20:51:33 – [0,001] —-D C:\Users\Coolman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense

—\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Auto 19/11/2013 146920 | (savesenselive) . (.SaveSense.) – C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
SS – | Demand 19/11/2013 146920 | (savesenselivem) . (.SaveSense.) – C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe

—\\ Scan Additionnel (O88 )

Aliases:

Adware Bundle [Dr.Web]
Adware.Shopper

Similarities:

Adware.ShoppingReport, PUP.SaveSense

Links:

Parasite, may come bundled with various third party software
Antivirus Report of SAVESENSELIVEHANDLER.EXE

Remove:

– Remove the “Qone8” extension from all installed browsers,
– Uninstall the “Qone8 Browser Protecter” software via the Windows Control Panel,
– Reset the search and start pages of all installed browsers,
– Clear the browser caches.
Clean with ZHPCleaner