
CrossRider, Potentially Unwanted Program.

CrossRider is a family of optional Potentially Unwanted Programs with adware, browser-hijacker and polluteware features.

It adds other programs without the user's knowledge. It pollutes storage drives and/or the Registry.

It installs itself under random program names such as "Savings Wave", "Video-high", "BrowsersAppProPlus" or "MedPlayV3". It collects your browsing habits and sends them to a server (tracking).

Potentially Unwanted Programs (PUP/LPI) can launch services, start scheduled tasks and create shortcuts on your Desktop. All of these operations happen with or without your consent, depending on the terms of the program's licence agreement. Once installed, a PUP can change some of your browser settings, such as the search pages, the start page or the error page. It can collect your browsing habits and send them to a server through tracking. While you browse, it can display ads (coupons) and advertising banners (popups). The goal of such a program is very often to make money by generating web traffic to sponsored sites.


Potentially Unwanted Programs (PUP, or LPI in French) are behind many infections. The most frequently encountered examples are the adware families InstallCore, CrossRider, Graftor and Boxore, which pollute the Registry and your data storage drives. They are generally installed without your knowledge when you download freeware. Some sites use repackaging, an operation that consists of rebuilding the software's installer and adding download options to it. These options make it possible to add other software, for example browser toolbars, adware, potentially unwanted programs, software with intrusive advertising, or even browser hijackers.


Unwanted spyware and adware, just like malware, can exploit coding flaws in legitimate software or in operating systems. It is therefore essential to use official software that updates itself automatically. Likewise, your Windows operating system should be set to automatic updates, with that setting enabled, so that you receive the latest fixes for critical security flaws.

CrossRider

TECHNICAL DETAILS

 Characteristics

– It installs itself as a process launched at system startup (RP),
– It installs an extension for the Google Chrome browser (G2),
– It installs extensions for the Mozilla Firefox browser (M2),
– It installs itself as a BHO (Browser Helper Object) of the Internet browser (O2),
– It installs itself in the Registry so that it is launched at every system startup (O4),
– It starts a scheduled task automatically (O39),
– It installs itself as a program (O42),
– It creates multiple "Software" Registry keys,
– It changes the Internet search provider (O69),
– It pollutes the Registry with numerous keys and values (O88).
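
Because the program names are random, a fixed list of names goes stale quickly. The following added example (not from the original page or from the tools it mentions) correlates report lines by the module codes in the list above and flags any installed program that also shows up in several other persistence locations. The simplified line layout, the names `ExampleDeals` and `Legit Editor`, the paths and the threshold of three are constructed for illustration.

```python
import re
from collections import defaultdict

# Module codes from the characteristics list, mapped to the persistence
# vector each one reports.
VECTORS = {
    "G2": "chrome_extension",
    "M2": "firefox_extension",
    "O2": "bho",
    "O4": "run_key",
    "O39": "scheduled_task",
    "O42": "installed_program",
}

# Assumed, simplified layout: "<code> - <label>: <name> - <path>".
LINE_RE = re.compile(
    r"^(?P<code>[A-Z]\d+)\s+-\s+\w+:\s+(?P<name>.+?)\s+-\s+(?P<path>[A-Za-z]:\\.+)$"
)

# Constructed sample report (not taken from a real machine).
SAMPLE_REPORT = r"""
O42 - Logiciel: ExampleDeals - C:\Program Files (x86)\ExampleDeals
O2 - BHO: ExampleDeals BHO - C:\Program Files (x86)\ExampleDeals\ExampleDeals-bho.dll
O39 - APT: ExampleDeals-updater - C:\Windows\Tasks\ExampleDeals-updater.job
G2 - EXT: ExampleDeals - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
O42 - Logiciel: Legit Editor - C:\Program Files\Legit Editor
O4 - Run: Legit Editor Tray - C:\Program Files\Legit Editor\tray.exe
M2 - MFEP: Some Addon - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\crossrider-sample@example.invalid
"""


def parse_report(text):
    """Return (vector, name, path) tuples for lines with a known module code."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and m.group("code") in VECTORS:
            entries.append((VECTORS[m.group("code")], m.group("name"), m.group("path")))
    return entries


def correlate(entries, min_vectors=3):
    """Attribute entries to installed programs by name prefix and return the
    programs found in at least `min_vectors` distinct persistence vectors."""
    # Longest names first so "Foo Pro" is matched before "Foo".
    programs = sorted(
        {name for vec, name, _ in entries if vec == "installed_program"},
        key=len, reverse=True,
    )
    footprint = defaultdict(set)
    for vec, name, _ in entries:
        for prog in programs:
            if name.lower().startswith(prog.lower()):
                footprint[prog].add(vec)
                break
    return {p: sorted(v) for p, v in footprint.items() if len(v) >= min_vectors}


def family_token_hits(entries, token="crossrider"):
    """Entries whose name or path carries the family name, whatever the product name."""
    return [e for e in entries if token in (e[1] + " " + e[2]).lower()]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for prog, vectors in correlate(parsed).items():
        print(f"review: {prog} present in {', '.join(vectors)}")
    for vec, name, path in family_token_hits(parsed):
        print(f"family token in {vec}: {name} ({path})")
```

Prefix matching is a triage heuristic: a flagged program still needs a manual look, and components that do not reuse the product name are missed.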

 Associated publishers

BetterDeals,
CinamHDPure
Corporate Inc,
Freeven,
Innovative Apps,
LKB boby soft

 Overview in reports

Recorded on 19/05/2013

Recorded on 22/06/2016

Recorded on 11/03/2017

 Aliases

PUP.Optional.Crossrider [Malwarebytes]
Adware.CrossRider [Malwarebytes]
a variant of Win32/Toolbar.CrossRider.AX [ESET-NOD32]

HOW TO REMOVE CrossRider?

Remove with Windows

Remove with ZHPCleaner

Remove with ZHPSuite

Liability: The principle that the originating site bears no responsibility for the content of the target sites it links to is recalled by the ruling of 19 September 2001 of the Paris Court of Appeal. What I say here reflects my opinion and is offered as suggestions; the visitor is not obliged to follow them.
