PUP.Optional.SearchSettings

SearchSettings is a program that is usually installed without your knowledge when you download free software. It collects browsing habits and sends them to a server.
– It redirects your 404 error page to a search engine. Catalogued on 05/05/2014.

Characteristics:

– It belongs to a family of optional PUPs (Potentially Unwanted Programs).
– Vendor: PUP.Optional.

Main actions:

– It installs itself as a process launched at system startup (RP),
– It modifies the web browser's search page (R0),
– It modifies the URLSearchHook settings of the Microsoft Internet Explorer browser (R3),
– It installs itself as a Mozilla Firefox browser plugin (M1),
– It installs an extension for the Mozilla Firefox browser (M2),
– It installs itself as an Internet Explorer URLSearchHook key,
– It starts automatically with MSconfig,
– It installs itself as a web browser BHO (Browser Helper Object) (O2),
– It installs itself as an application started from the registry (O4),
– It installs itself as a service launched at every system startup (O23), (SS/SR),
– It installs multiple programs (O42): pdfforge Toolbar, Search Settings, My Web Search, …
– It creates "Software" keys in the registry,
– It pollutes the registry with numerous keys (O88),
– It creates multiple files and folders (O88),
– It creates Installer registry keys (O90).

ZHPDiag overview:

—-\\ Processus lancés
[MD5.83D7EEB3E14F14C489D44A4D32D7FB44] – (.MyWebSearch.com – My Web Search Plugin Loader.) — C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE [38408] [PID.1888]
[MD5.BB74024A1D4E4808562C090980151653] – (.MyWebSearch.com – My Web Search Bar.) — C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [34320] [PID.]

—\\ Pages de recherche de Mozilla Firefox (M1)
M1 – SPR:Search Page Redirection – C:\Program Files\Mozilla FireFox\extensions\[email protected]
M1 – SPR:Search Page Redirection – C:\Program Files\Mozilla FireFox\extensions\[email protected]
M2 – MFEP: prefs.js [Ashley – bw3ancmg.default\[email protected]] [] My Web Search v1.2 (.mywebsearch.)

—\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 – FPN: [HKLM] [@mywebsearch.com/Plugin] – (.MyWebSearch.com – My Web Search Plugin Stub for 32-bit Windows.) — C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll

—\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.mywebsearch.com
R3 – URLSearchHook: (no name) [64Bits] – {00A6FAF6-072E-44cf-8957-5838F569A31D} . (.MyWebSearch.com – MyWebSearch Search Assistant.) (1, 2, 0, 11) — C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.dll
R3 – URLSearchHook: Microsoft Url Search Hook – {E312764E-7706-43F1-8DAB-FCDD2B1E416D} . (.Spigot, Inc. – Search Settings IE.) (1, 2, 3, 16) — C:\Program Files\pdfforge Toolbar\SearchSettings.dll

—\\ Browser Helper Objects de navigateur (O2)
O2 – BHO: (no name) – {E312764E-7706-43F1-8DAB-FCDD2B1E416D} . (.Spigot, Inc. – Search Settings IE.) — C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 – BHO: SearchSettings Class – {E312764E-7706-43F1-8DAB-FCDD2B1E416D} . (.Vendio Services, Inc. – Search Settings module for Internet Explore.) — C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 – BHO: MyWebSearch Search Assistant BHO [64Bits] – {00A6FAF1-072E-44cf-8957-5838F569A31D} . (.MyWebSearch.com – MyWebSearch Search Assistant.) — C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.dll
O2 – BHO: mwsBar BHO [64Bits] – {07B18EA1-A523-4961-B6BB-170DE4475CCA} . (.MyWebSearch.com – My Web Search.) — C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.dll

—\\ Applications démarrées par registre & par dossier (O4)
O4 – HKLM\..\Run: [SearchSettings] . (.Spigot, Inc. – Search Settings application.) — C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 – HKCU\..\Run: [MyWebSearch Email Plugin] . (.MyWebSearch.com – My Web Search Plugin Loader.) — C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.exe
O4 – HKLM\..\Wow6432Node\Run: [MyWebSearch Email Plugin] . (.MyWebSearch.com – My Web Search Plugin Loader.) — C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.exe
O4 – HKUS\S-1-5-21-375718157-2745772636-1552874416-1003\..\Run: [MyWebSearch Email Plugin] . (.MyWebSearch.com – My Web Search Plugin Loader.) — C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.exe

—\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: My Web Search Service (MyWebSearchService) . (.MyWebSearch.com – My Web Search Bar.) – C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.exe

—\\ Logiciels installés (O42)
O42 – Logiciel: pdfforge Toolbar v1.1.2 – (.Spigot, Inc..) [HKLM] — {5791B7D3-8B34-4218-9750-6A8E45D0AD32}
O42 – Logiciel: Search Settings v1.2.3 – (.Spigot, Inc..) [HKLM] — {5F05C28D-DEA9-4AD6-A73A-064175988EAB}
O42 – Logiciel: My Web Search (Cursor Mania) – (.My Web Search.) [HKLM] — MyWebSearch bar Uninstall

—\\ HKCU & HKLM Software Keys
[HKCU\Software\Search Settings] [HKLM\Software\Search Settings] [HKCU\Software\pdfforge] [HKCU\Software\pdfforge.org] [HKLM\Software\pdfforge.org] [HKCU\Software\AppDataLow\Software\Fun Web Products] [HKCU\Software\AppDataLow\Software\FunWebProducts] [HKCU\Software\AppDataLow\Software\MyWebSearch] [HKLM\Software\FocusInteractive] [HKLM\Software\Fun Web Products] [HKLM\Software\MyWebSearch] [HKLM\Software\Wow6432Node\ReadingFanatic_6x]

—\\ Contenu des dossiers Program Files (O43)
O43 – CFD:Common File Directory —-D- C:\Program Files\pdfforge Toolbar
O43 – CFD:Common File Directory —-D- C:\Program Files\Search Settings
O43 – CFD: 14/12/2011 – 19:42:50 – [0] —-D- C:\Program Files (x86)\FunWebProducts
O43 – CFD: 14/12/2011 – 19:42:48 – [6,874] —-D- C:\Program Files (x86)\MyWebSearch
O43 – CFD: 8/06/2013 – 20:41:49 – [0,000] —-D C:\Documents and Settings\Coolman\Application Data\Search Settings
O43 – CFD: 28.10.2012 – 20:26:47 – [0,513] —-D C:\Program Files (x86)\ReadingFanatic_6x
O43 – CFD: 12.01.2013 – 11:28:17 – [0,003] —-D C:\Users\Naly\AppData\Local\ReadingFanatic_6x

—\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 – SMSR:HKLM\…\startupreg\SearchSettings [Key] . (.Vendio Services, Inc. – Search Settings application.) — C:\Program Files\Search Settings\SearchSettings.exe

—\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 14/12/2011 34320 | (MyWebSearchService) . (.MyWebSearch.com.) – C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.exe

—\\ Scan Additionnel (O88 )
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:MyWebSearch Email Plugin
C:\Documents and Settings\Coolman\Application Data\Search Settings
C:\Users\Ashley\AppData\LocalLow\FunWebProducts
C:\Users\Ashley\AppData\LocalLow\MyWebSearch
C:\Program Files (x86)\FunWebProducts
C:\Program Files (x86)\MyWebSearch

—\\ Product Upgrade Codes (O90)
O90 – PUC: « D82C50F59AED6DA47AA360145789E8BA » . (.Search Settings v1.2.3.) — C:\WINDOWS\Installer\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}\ARPPRODUCTICON.exe

Links:

forum.malekal.com
emsisoft.fr

Alias :

PUP.SearchSettings

Remove:

– Remove the "MyWebSearch" extension from all installed browsers,
– Remove the "MyWebSearch" plugin from all installed browsers,
– Uninstall the "pdfforge Toolbar" software via the Windows Control Panel,
– Uninstall the "Search Settings" software via the Windows Control Panel,
– Uninstall the "My Web Search" software via the Windows Control Panel,
– Change the search and start pages of all installed browsers,
– Clear the browsers' cache,
– Clean with ZHPCleaner.
