CrossRider, Potentially unwanted software.

CrossRider is a family of optional potentially unwanted programs with the characteristics of adware, a browser hijacker and polluteware.

It adds other programs without the user's knowledge. It pollutes storage drives and/or the registry.

It installs itself under random program names such as "Savings Wave", "Video-high", "BrowsersAppProPlus" or "MedPlayV3". It collects your browsing habits and transmits them to a server (tracking).

Potentially unwanted software (PUP/LPI) can launch services, start scheduled tasks and create shortcuts on your desktop. All these operations are carried out with or without your consent, under the terms of its usage agreement. Once installed, a PUP may change some settings in your browsers, for example the search page, the start page or even the error page. It can collect your browsing habits and send them to a server (tracking). During browsing it can display ads (coupons) and banner ads (pop-ups). The goal of such a program is often to make money by generating web traffic to sponsored sites.

Potentially unwanted software (LPI)

Potentially unwanted software (LPI), or potentially unwanted programs (PUP), are the cause of many infections. The most frequently encountered examples are adware such as InstallCore, CrossRider, Graftor or Boxore, which pollute your storage drives and the registry. They are usually installed without your knowledge through freeware downloads. Some sites use repackaging, an operation that consists of rebuilding the software's installer with added download options. These options can add other software, for example browser toolbars, adware, potentially unwanted software, intrusive advertising software and even browser hijackers.


Unwanted spyware and adware, like malware, can exploit coding flaws in legitimate software or operating systems. It is therefore essential to use official software that updates automatically. Your Windows operating system must have automatic updates enabled and active so that it receives the latest fixes for critical security vulnerabilities.

TECHNICAL DETAILS

Features

– It installs itself as a process launched at system startup (RP),
– It installs an extension for the Google Chrome browser (G2),
– It installs extensions for the Mozilla Firefox browser (M2),
– It can be installed as an Internet browser BHO (Browser Helper Object) (O2),
– It installs itself in the registry to be launched each time the system starts (O4),
– It starts a scheduled automatic task (O39),
– It installs itself as a program (O42),
– It creates multiple "Software" registry keys,
– It changes the Internet search provider (O69),
– It pollutes the system registry with many keys and values (O88).

Associated publishers

BetterDeals,
CinamHDPure
Corporate Inc.,
Freeven,
Innovative Apps,
LKB soft boby
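
A read-only audit of the autostart points listed under Features (O2, O4, O39, O42, G2), flagging entries that mention a product or publisher name quoted on this page. This is an added example, not part of the original page or of ZHPDiag; the helper name `Add-Finding` and the output columns are assumptions, and a name match is only a triage hint.

```powershell
# Added example: read-only audit of the autostart points in the Features list.
# Watchlist = product and publisher names quoted on this page (triage hint only).
$watch = 'CrossRider', 'Savings Wave', 'Video-high', 'BrowsersAppProPlus', 'MedPlayV3',
         'BetterDeals', 'CinamHDPure', 'Corporate Inc.', 'Freeven', 'Innovative Apps',
         'LKB soft boby'
$pattern = ($watch | ForEach-Object { [regex]::Escape($_) }) -join '|'
$hives   = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node', 'HKCU:\SOFTWARE'
$found   = New-Object System.Collections.Generic.List[object]

# Add-Finding is a hypothetical helper name, not part of any tool.
function Add-Finding {
    param([string]$Code, [string]$Location, [string]$Name, [string]$Detail)
    $found.Add([pscustomobject]@{
        Code        = $Code
        Watchlisted = ("$Name $Detail" -match $pattern)   # -match is case-insensitive
        Name        = $Name
        Detail      = $Detail
        Location    = $Location
    })
}

# O4: values under the Run keys (launched at each logon)
foreach ($h in $hives) {
    $key = "$h\Microsoft\Windows\CurrentVersion\Run"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($v in $item.GetValueNames()) {
        Add-Finding -Code 'O4' -Location $key -Name $v -Detail ($item.GetValue($v))
    }
}

# O2: Browser Helper Objects, resolved to the DLL registered for each CLSID
foreach ($h in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    $key = "$h\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $key) {
        $clsid = $sub.PSChildName
        $srv = Get-Item -LiteralPath "$h\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { $srv.GetValue('') } else { '' }
        Add-Finding -Code 'O2' -Location $key -Name $clsid -Detail $dll
    }
}

# G2: Chrome extensions registered through the registry
foreach ($h in $hives) {
    $key = "$h\Google\Chrome\Extensions"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $key) {
        $vals = ($sub.GetValueNames() | ForEach-Object { "$_=$($sub.GetValue($_))" }) -join '; '
        Add-Finding -Code 'G2' -Location $key -Name $sub.PSChildName -Detail $vals
    }
}

# O39: scheduled tasks and the executables they start (Windows 8 / Server 2012 or later)
foreach ($t in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    $exe = ($t.Actions | ForEach-Object { $_.Execute }) -join '; '
    Add-Finding -Code 'O39' -Location $t.TaskPath -Name $t.TaskName -Detail $exe
}

# O42: installed programs, with the publisher each entry declares
foreach ($h in $hives) {
    $key = "$h\Microsoft\Windows\CurrentVersion\Uninstall"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $key) {
        Add-Finding -Code 'O42' -Location $key -Name ($sub.GetValue('DisplayName')) -Detail ($sub.GetValue('Publisher'))
    }
}

# Watchlisted entries first, then grouped by report code
$found | Sort-Object @{ Expression = 'Watchlisted'; Descending = $true }, Code |
    Format-Table Code, Watchlisted, Name, Detail, Location -AutoSize -Wrap
```

The script changes nothing on the system; run it from an elevated prompt so that every scheduled task is visible.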

Seen in reports

Recorded on 19/05/2013

Recorded on 22/06/2016

Recorded on 11/03/2017
FOUND file: C:\Users\Coolman\AppData\Roaming\Kyubey\Kyubey.exe
FOUND folder: C:\Users\Coolman\AppData\Roaming\Kyubey
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Kyubey [C:\Users\Coolman\AppData\Roaming\Kyubey\Kyubey.exe]

Alias

PUP.Optional.Crossrider [Malwarebytes]
Adware.CrossRider [Malwarebytes]
a variant of Win32/Toolbar.CrossRider.AX [ESET-NOD32]

HOW TO REMOVE CrossRider?

Delete with Microsoft Windows

Delete with ZHPCleaner

Diagnose with ZHPDiag

Responsibility: The principle of no liability for the original site, with regard to the content of the target sites it points to, was recalled by the judgment of 19 September 2001 of the Court of Appeal of Paris. What I want here reflects my opinion and suggestions - the visitor is not obliged to follow.