Registry Cleaner

Category: Adware and PUAs
Protection available since: 27 Aug 2013 01:47:06 (GMT)
Type: Unspecified PUA
Last updated: 24 Feb 2016 01:31:38 (GMT)


Examples of Registry Cleaner include:

Example 1

File Information

Size: 7.0M
SHA-1: 270557269c161e3cd10ed25d082d26ceb4f3266f
MD5: c6e108f5bd43a855a5128a137a3b2b33
CRC-32: 54650a0e
File type: Windows executable
First seen: 2014-09-01

Example 2

File Information

Size: 4.8M
SHA-1: 2dd5bde756e0bb974bcce667f751c23864c8263c
MD5: b53bd35230f2b9b7537c616bfce83962
CRC-32: e8f2989f
File type: Windows executable
First seen: 2014-01-07

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\aff.conf
  • c:\Documents and Settings\test user\Local Settings\Temp\is-4MM63.tmp\systweakasp.tmp
  • C:\Documents and Settings\All Users\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\RegClean Pro\Uninstall RegClean Pro.lnk
  • C:\Program Files\RegClean Pro\russian_uninst_ru.ini
  • C:\Program Files\RegClean Pro\polish_rcp_pl.ini
  • C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk
  • C:\Program Files\RegClean Pro\swedish_uninst.ini
  • C:\Program Files\RegClean Pro\Chinese_rcp.ini
  • C:\Program Files\RegClean Pro\korean_uninst_ko.ini
  • C:\Program Files\RegClean Pro\French_rcp.ini
  • c:\Documents and Settings\test user\Application Data\Advanced System Protector\aspsetup.exe
  • c:\Documents and Settings\test user\Application Data\systweak\RegClean Pro\Version 6.1\eng_rcp.dat
  • C:\Program Files\RegClean Pro\German_uninst.ini
  • C:\Program Files\RegClean Pro\Danish_uninst.ini
  • c:\Documents and Settings\test user\Application Data\systweak\RegClean Pro\Version 6.1\log_01-25-2014.log
  • C:\Program Files\RegClean Pro\polish_uninst_pl.ini
  • C:\Program Files\RegClean Pro\CleanSchedule.exe
  • c:\Documents and Settings\test user\Application Data\systweak\ssd\SSDPTstub.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\nsz3.tmp\NSISdl.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\is-40H0E.tmp\_isetup\_shfoldr.dll
  • C:\Program Files\RegClean Pro\greek_uninst_el.ini
  • C:\Program Files\RegClean Pro\isxdl.dll
  • C:\Program Files\RegClean Pro\Dutch_uninst.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\BackupSetup.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\is-40H0E.tmp\isxdl.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\is-0L2PJ.tmp\sample.tmp
  • C:\Program Files\RegClean Pro\RegCleanPro.exe
  • C:\Program Files\RegClean Pro\spanish_uninst.ini
  • C:\Program Files\RegClean Pro\korean_rcp_ko.ini
  • C:\Program Files\RegClean Pro\Italian_rcp.ini
  • C:\Program Files\RegClean Pro\turkish_rcp_tr.ini
  • C:\Program Files\RegClean Pro\Danish_rcp.ini
  • C:\Program Files\RegClean Pro\install_left_image.bmp
  • C:\Program Files\RegClean Pro\Chinese_uninst.ini
  • C:\Program Files\RegClean Pro\Portuguese_uninst.ini
  • C:\Program Files\RegClean Pro\Portuguese_rcp.ini
  • C:\Program Files\RegClean Pro\Italian_uninst.ini
  • C:\Program Files\RegClean Pro\French_uninst.ini
  • C:\Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.exe
  • C:\Program Files\RegClean Pro\RegCleanPro.dll
  • C:\Program Files\RegClean Pro\Dutch_rcp.ini
  • C:\Program Files\RegClean Pro\Norwegian_rcp.ini
  • C:\Program Files\RegClean Pro\SSDPTstub.exe
  • C:\Program Files\RegClean Pro\unins000.dat
  • C:\Program Files\RegClean Pro\Japanese_uninst.ini
  • C:\Program Files\RegClean Pro\greek_rcp_el.ini
  • C:\Program Files\RegClean Pro\Cloud_Backup_Setup.exe
  • C:\Program Files\RegClean Pro\Norwegian_uninst.ini
  • C:\Program Files\RegClean Pro\Finnish_rcp_fi.ini
  • C:\Program Files\RegClean Pro\Japanese_rcp.ini
  • C:\Program Files\RegClean Pro\eng_rcp.ini
  • C:\Program Files\RegClean Pro\Finnish_uninst_fi.ini
  • C:\Program Files\RegClean Pro\eng_uninst.ini
  • C:\Program Files\RegClean Pro\RCPUninstall.exe
  • C:\Program Files\RegClean Pro\German_rcp.ini
  • C:\Program Files\RegClean Pro\portugese_rcp_pt.ini
  • C:\Program Files\RegClean Pro\unins000.exe
  • C:\Program Files\RegClean Pro\Swedish_rcp.ini
  • C:\Program Files\RegClean Pro\portugese_uninst_pt.ini
  • C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
  • C:\Program Files\RegClean Pro\Spanish_rcp.ini
  • C:\Program Files\RegClean Pro\TraditionalCn_rcp_zh-tw.ini
  • C:\WINDOWS\system32\roboot.exe
  • C:\Program Files\RegClean Pro\traditionalcn_uninst_zh-tw.ini
  • C:\Program Files\RegClean Pro\russian_rcp_ru.ini
  • C:\Program Files\RegClean Pro\unins000.msg
  • C:\Program Files\RegClean Pro\Turkish_uninst_tr.ini
  • C:\Program Files\RegClean Pro\xmllite.dll
  • C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
  • C:\Program Files\RegClean Pro\systweakasp.exe
    Size: 578K
    SHA-1: 4f2d43ffb1775dfe2101529769637b9741e2d473
    MD5: 0564f0bb06a0bfcae0866e1395edda0c
    CRC-32: 9e3eba5d
    File type: Windows executable
    First seen: 2013-10-18
Registry Keys Created
  • HKCU\Software\systweak\RegClean Pro\Version 6.1
    FirstRun
    0x00000001
  • HKCU\Software\systweak\RegClean Pro
    ErrorCount
    0x00000000
  • HKCU\Software\systweak\ssd
    ASO3AFFILIATE
  • HKLM\SOFTWARE\Systweak\RegClean Pro\Version 6.1\LANG
    LangID
    0x00000000
  • HKCR\JScript.Compact
    (Default)
    JScript Compact Profile (ECMA 327)
  • HKCR\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    (Default)
    FTP Installer to handle FTP Associations
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014012520140126
    CacheRepair
    0x00000000
  • HKCR\JScript.Compact\CLSID
    (Default)
    {cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}
  • HKCR\JavaScript1.2 AuthorJavaScript1.3 Author\CLSID
    (Default)
    {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
  • HKCR\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}
    (Default)
    JScript Compact Profile (ECMA 327)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SystweakASP
    "C:\Program Files\RegClean Pro\SystweakASP.exe" /verysilent
  • HKCR\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InprocServer32
    ThreadingModel
    Both
  • HKCU\Software\Licenses
    {0DE49903F6A7893C6}
  • HKCR\ECMAScript Author\CLSID
    (Default)
    {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
    MinorVersion
    0x00000015
  • HKCR\JavaScript1.2 AuthorJavaScript1.3 Author
    (Default)
    JScript Language Authoring
  • HKCR\ECMAScript Author
    (Default)
    JScript Language Authoring
  • HKCR\JScript.Compact Author\CLSID
    (Default)
    {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
  • HKCU\Software\systweak
    MachineID
  • HKCU\Software\systweak\RegClean Pro\Version 6.1\LANG
    LangID
    0x00000000
  • HKLM\SOFTWARE\Systweak\Params
    affiliateid
  • HKLM\SOFTWARE\Systweak\RegClean Pro\Version 6.1
    FirstTimeASPFired
    0x00000001
  • HKLM\SOFTWARE\Systweak\ssd
    ASO3AFFILIATE
  • HKCR\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\InProcServer32
    ThreadingModel
    Apartment
  • HKCR\JScript.Compact Author
    (Default)
    JScript Language Authoring
  • HKCR\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\ProgID
    (Default)
    JScript.Compact
  • HKLM\SOFTWARE\Systweak
    MachineID
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Schedule
    Start
    0x00000002
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    RegCleanPro.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\is-0l2pj.tmp\sample.tmp
  • c:\docume~1\support\locals~1\temp\is-4mm63.tmp\systweakasp.tmp
  • c:\program files\regclean pro\cloud_backup_setup.exe
  • c:\program files\regclean pro\regcleanpro.exe
  • c:\program files\regclean pro\systweakasp.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
DNS Requests

Example 3

File Information

Size: 305K
SHA-1: 398062caa3ab1fb961a745ce4213dafe9999770f
MD5: 19259f1cb5ef8355efe9b87cdfcbc1d3
CRC-32: 88b7fef3
File type: Windows executable
First seen: 2015-10-30

Runtime Analysis

Copies Itself To
  • C:\Program Files\RegistryCleanerXP\RegistryCleanerXP.exe
Dropped Files
  • C:\Documents and Settings\All Users\Start Menu\Programs\RegistryCleanerXP.lnk
    Size: 834
    SHA-1: 68342b85496e334df071f8d6cca13925a545fb34
    MD5: 54eb4cd788000554efa84072401de69b
    CRC-32: 97052d3e
    File type: Windows Shortcut file (.LNK)
    First seen: 2015-11-09
  • C:\Documents and Settings\All Users\Desktop\RegistryCleanerXP.lnk
    Size: 828
    SHA-1: e57efdebfa8091d91d676b51ab5aa2a9200b2621
    MD5: 7da3ce2a265f99812aae0f6b061053ee
    CRC-32: d9041f0e
    File type: Windows Shortcut file (.LNK)
    First seen: 2015-11-09
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryCleanerXP
    UninstallString
    C:\PROGRA~1\REGIST~1\REGIST~1.EXE /uninstall
  • HKLM\SOFTWARE\RegistryCleanerXP
    InstallPath
    C:\Program Files\RegistryCleanerXP
Processes Created
  • c:\program files\registrycleanerxp\registrycleanerxp.exe
