Registry Cleaner

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 12 Aug 2015 10:49:39 (GMT)
Last updated: 12 Aug 2015 10:49:39 (GMT)


Examples of Registry Cleaner include:

Example 1

File Information

Size: 7.0M
SHA-1: 270557269c161e3cd10ed25d082d26ceb4f3266f
MD5: c6e108f5bd43a855a5128a137a3b2b33
CRC-32: 54650a0e
File type: Windows executable
First seen: 2014-09-01

Example 2

File Information

Size: 4.8M
SHA-1: 2dd5bde756e0bb974bcce667f751c23864c8263c
MD5: b53bd35230f2b9b7537c616bfce83962
CRC-32: e8f2989f
File type: Windows executable
First seen: 2014-01-07

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\is-4MM63.tmp\systweakasp.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\aff.conf
  • c:\Documents and Settings\test user\Local Settings\Temp\BackupSetup.exe
  • C:\Program Files\RegClean Pro\Danish_rcp.ini
  • C:\Program Files\RegClean Pro\CleanSchedule.exe
  • C:\Documents and Settings\All Users\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk
  • C:\Program Files\RegClean Pro\Italian_uninst.ini
  • C:\Documents and Settings\All Users\Start Menu\Programs\RegClean Pro\Uninstall RegClean Pro.lnk
  • C:\Program Files\RegClean Pro\russian_uninst_ru.ini
  • C:\Program Files\RegClean Pro\polish_uninst_pl.ini
  • C:\Program Files\RegClean Pro\spanish_uninst.ini
  • C:\Program Files\RegClean Pro\portugese_rcp_pt.ini
  • C:\Program Files\RegClean Pro\korean_uninst_ko.ini
  • C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk
  • C:\Program Files\RegClean Pro\Dutch_uninst.ini
  • c:\Documents and Settings\test user\Application Data\systweak\ssd\SSDPTstub.exe
  • C:\Program Files\RegClean Pro\Japanese_rcp.ini
  • c:\Documents and Settings\test user\Application Data\Advanced System Protector\aspsetup.exe
  • C:\Program Files\RegClean Pro\Portuguese_uninst.ini
  • c:\Documents and Settings\test user\Application Data\systweak\RegClean Pro\Version 6.1\log_01-25-2014.log
  • c:\Documents and Settings\test user\Application Data\systweak\RegClean Pro\Version 6.1\eng_rcp.dat
  • C:\Program Files\RegClean Pro\Chinese_uninst.ini
  • C:\Program Files\RegClean Pro\greek_rcp_el.ini
  • C:\Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.exe
  • C:\Program Files\RegClean Pro\greek_uninst_el.ini
  • C:\Program Files\RegClean Pro\RegCleanPro.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\is-40H0E.tmp\_isetup\_shfoldr.dll
  • C:\Program Files\RegClean Pro\Norwegian_rcp.ini
  • C:\Program Files\RegClean Pro\RCPUninstall.exe
  • C:\Program Files\RegClean Pro\Danish_uninst.ini
  • C:\Program Files\RegClean Pro\Finnish_uninst_fi.ini
  • C:\Program Files\RegClean Pro\Cloud_Backup_Setup.exe
  • C:\Program Files\RegClean Pro\French_uninst.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\is-0L2PJ.tmp\sample.tmp
  • C:\Program Files\RegClean Pro\eng_rcp.ini
  • C:\Program Files\RegClean Pro\Finnish_rcp_fi.ini
  • C:\Program Files\RegClean Pro\Norwegian_uninst.ini
  • C:\Program Files\RegClean Pro\turkish_rcp_tr.ini
  • C:\Program Files\RegClean Pro\korean_rcp_ko.ini
  • C:\Program Files\RegClean Pro\xmllite.dll
  • C:\Program Files\RegClean Pro\isxdl.dll
  • C:\Program Files\RegClean Pro\Portuguese_rcp.ini
  • C:\Program Files\RegClean Pro\Chinese_rcp.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\is-40H0E.tmp\isxdl.dll
  • C:\Program Files\RegClean Pro\RegCleanPro.dll
  • C:\Program Files\RegClean Pro\portugese_uninst_pt.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\nsz3.tmp\NSISdl.dll
  • C:\Program Files\RegClean Pro\eng_uninst.ini
  • C:\Program Files\RegClean Pro\Dutch_rcp.ini
  • C:\Program Files\RegClean Pro\French_rcp.ini
  • C:\Program Files\RegClean Pro\install_left_image.bmp
  • C:\Program Files\RegClean Pro\Turkish_uninst_tr.ini
  • C:\Program Files\RegClean Pro\German_rcp.ini
  • C:\Program Files\RegClean Pro\Italian_rcp.ini
  • C:\Program Files\RegClean Pro\German_uninst.ini
  • C:\Program Files\RegClean Pro\Japanese_uninst.ini
  • C:\Program Files\RegClean Pro\polish_rcp_pl.ini
  • C:\Program Files\RegClean Pro\SSDPTstub.exe
  • C:\Program Files\RegClean Pro\unins000.dat
  • C:\Program Files\RegClean Pro\russian_rcp_ru.ini
  • C:\Program Files\RegClean Pro\Spanish_rcp.ini
  • C:\Program Files\RegClean Pro\swedish_uninst.ini
  • C:\WINDOWS\system32\roboot.exe
  • C:\Program Files\RegClean Pro\traditionalcn_uninst_zh-tw.ini
  • C:\Program Files\RegClean Pro\Swedish_rcp.ini
  • C:\Program Files\RegClean Pro\TraditionalCn_rcp_zh-tw.ini
  • C:\Program Files\RegClean Pro\unins000.msg
  • C:\Program Files\RegClean Pro\unins000.exe
  • C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
  • C:\Program Files\RegClean Pro\systweakasp.exe
    Size: 578K
    SHA-1: 4f2d43ffb1775dfe2101529769637b9741e2d473
    MD5: 0564f0bb06a0bfcae0866e1395edda0c
    CRC-32: 9e3eba5d
    File type: Windows executable
    First seen: 2013-10-18
  • C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
Registry Keys Created
  • HKCR\ECMAScript Author
    (Default)
    JScript Language Authoring
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SystweakASP
    "C:\Program Files\RegClean Pro\SystweakASP.exe" /verysilent
  • HKCU\Software\systweak\RegClean Pro
    ErrorCount
    0x00000000
  • HKCU\Software\systweak\ssd
    ASO3AFFILIATE
  • HKCU\Software\systweak\RegClean Pro\Version 6.1
    FirstRun
    0x00000001
  • HKLM\SOFTWARE\Systweak\RegClean Pro\Version 6.1\LANG
    LangID
    0x00000000
  • HKCR\JScript.Compact
    (Default)
    JScript Compact Profile (ECMA 327)
  • HKCR\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    (Default)
    FTP Installer to handle FTP Associations
  • HKCR\JScript.Compact\CLSID
    (Default)
    {cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}
  • HKCR\JavaScript1.2 AuthorJavaScript1.3 Author\CLSID
    (Default)
    {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
  • HKCR\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}
    (Default)
    JScript Compact Profile (ECMA 327)
  • HKCR\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InprocServer32
    ThreadingModel
    Both
  • HKCU\Software\Licenses
    {0DE49903F6A7893C6}
  • HKCR\ECMAScript Author\CLSID
    (Default)
    {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
    MinorVersion
    0x00000015
  • HKCR\JavaScript1.2 AuthorJavaScript1.3 Author
    (Default)
    JScript Language Authoring
  • HKCR\JScript.Compact Author\CLSID
    (Default)
    {f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
  • HKCU\Software\systweak
    MachineID
  • HKCU\Software\systweak\RegClean Pro\Version 6.1\LANG
    LangID
    0x00000000
  • HKLM\SOFTWARE\Systweak\Params
    affiliateid
  • HKLM\SOFTWARE\Systweak\RegClean Pro\Version 6.1
    FirstTimeASPFired
    0x00000001
  • HKLM\SOFTWARE\Systweak\ssd
    ASO3AFFILIATE
  • HKCR\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\InProcServer32
    ThreadingModel
    Apartment
  • HKCR\JScript.Compact Author
    (Default)
    JScript Language Authoring
  • HKLM\SOFTWARE\Systweak
    MachineID
  • HKCR\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\ProgID
    (Default)
    JScript.Compact
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014012520140126
    CacheRepair
    0x00000000
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    RegCleanPro.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\Schedule
    Start
    0x00000002
Processes Created
  • c:\docume~1\support\locals~1\temp\is-0l2pj.tmp\sample.tmp
  • c:\docume~1\support\locals~1\temp\is-4mm63.tmp\systweakasp.tmp
  • c:\program files\regclean pro\cloud_backup_setup.exe
  • c:\program files\regclean pro\regcleanpro.exe
  • c:\program files\regclean pro\systweakasp.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://cdn.mypcbackup.com/MyPCBackup_Setup.exe
  • http://cdn.systweak.com/safedl/aspsetup_systweak_default.exe
  • http://crl.microsoft.com/pki/crl/products/CSPCA.crl
  • http://crl.verisign.com/pca3-g5.crl
  • http://crl.verisign.com/pca3.crl
  • http://csc3-2010-aia.verisign.com/CSC3-2010.cer
  • http://csc3-2010-crl.verisign.com/CSC3-2010.crl
  • http://download.microsoft.com/download/d/d/9/dd9a82d0-52ef-40db-8dab-795376989c03/vcredist_x86.exe
  • http://network.adsmarket.com/cpx
  • http://powerbundle.systweak.com/ASP/firstinstall/
  • http://powerbundle.systweak.com/images/ASP/asp_logo.jpg
  • http://powerbundle.systweak.com/images/en-US/ASP/ASP_screenshot.jpg
  • http://powerbundle.systweak.com/images/repeat_x.png
  • http://powerbundle.systweak.com/js/ie6.js
  • http://powerbundle.systweak.com/js/iepngfix.htc
  • http://powerbundle.systweak.com/js/iepngfix_tilebg.js
  • http://track.mypcbackup.com/8695a4a3/systweakinstall/MyPCBackup_Setup.exe
  • http://track.mypcbackup.com/aadebc4830c51c2794a960fe5a9e11df.php
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • http://www.google-analytics.com/__utm.gif
  • http://www.google-analytics.com/ga.js
  • http://www.systweak.com/Images/Common/HeadProducts.jpg
  • http://www.systweak.com/Images/Common/header_bottom_black.jpg
  • http://www.systweak.com/Images/common/Mainbg.jpg
  • http://www.systweak.com/Images/footer_bg.gif
  • http://www.systweak.com/Images/rc/common/RC_ss1.jpg
  • http://www.systweak.com/Images/rc/common/awards.jpg
  • http://www.systweak.com/Images/rc/common/rcp_after_install_tollfree_no.gif
  • http://www.systweak.com/Images/rc/common/steps1.jpg
  • http://www.systweak.com/Systweak.css
  • http://www.systweak.com/registryCleaner/afterinstall.asp
DNS Requests
  • cdn.mypcbackup.com
  • cdn.systweak.com
  • crl.microsoft.com
  • crl.verisign.com
  • csc3-2010-aia.verisign.com
  • csc3-2010-crl.verisign.com
  • download.microsoft.com
  • network.adsmarket.com
  • powerbundle.systweak.com
  • track.mypcbackup.com
  • updates4.systweak.com
  • www.download.windowsupdate.com
  • www.google-analytics.com
  • www.systweak.com

Example 3

File Information

Size: 4.1M
SHA-1: 453f3d7384b85ab8259db652de2174accacb2b4a
MD5: 9080f922fd0733833aed5043847f53e6
CRC-32: 892c5aa2
File type: Windows executable
First seen: 2014-07-15

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
  • c:\Documents and Settings\test user\Local Settings\Application Data\IsolatedStorage\2reysclv.wll\jk5tymby.44g\Publisher.tru3cijysiaucll30otai1anouzur40w\identity.dat
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  • c:\Documents and Settings\test user\Local Settings\Application Data\fastcleanpro\test_item.exe_Url_b2h3ci1p5uepvgqey1ejfwmjsdw2zmsz\1.0.0.0\user.config
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6
  • c:\Documents and Settings\test user\Local Settings\Application Data\fastcleanpro\Logs\Log_07 15 2014 10 19.txt
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
  • %SYSTEM%\d3d9caps.dat
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    fastclean
    "c:\test_item.exe"
  • HKLM\SYSTEM\CurrentControlSet\Services\WPFFontCache_v0400\Enum
    NextInstance
    0x00000001
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
    Blob
  • HKCU\Software\Microsoft\Direct3D\MostRecentApplication
    Name
    test_item.exe
Processes Created
  • c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe
HTTP Requests
  • http://ads.adsrvmedia.com/pixel
  • http://ads.exactdrive.com/px
  • http://ads.yahoo.com/pixel
  • http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
  • http://cdn.castplatform.com/images/3b90aaff-681a-4108-966c-7d6043c3b944.html
  • http://cdn.castplatform.com/scripts/cast-domains1.js
  • http://clickserv.sitescout.com/conv/88faafef68473134
  • http://convusmp.tractionize.com/st
  • http://crl.verisign.com/pca3-g5.crl
  • http://csc3-2010-crl.verisign.com/CSC3-2010.crl
  • http://d.castplatform.com//api/p/1/1111/25
  • http://fastcleanpro.com/images/bg01.png
  • http://fastcleanpro.com/images/fcplogo.png
  • http://fastcleanpro.com/images/scan%20complete%20shot.png
  • http://fastcleanpro.com/images/scanning%20shot.jpg
  • http://fastcleanpro.com/js/recordInstall.js
  • http://fastcleanpro.com/php/recordInstall.php
  • http://fastcleanpro.com/thankyouinstall.html
  • http://hitwebcounter.com/counter/counter.php
  • http://ib.adnxs.com/px
  • http://pixel.traffiliate.com/pixel/pixels.js.php
  • http://stage.traffiliate.com/WebBug.aspx
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • http://www.google-analytics.com/analytics.js
  • http://www.google-analytics.com/collect
DNS Requests
  • ads.adsrvmedia.com
  • ads.exactdrive.com
  • ads.yahoo.com
  • ajax.googleapis.com
  • cdn.castplatform.com
  • clickserv.sitescout.com
  • convusmp.tractionize.com
  • crl.verisign.com
  • csc3-2010-crl.verisign.com
  • d.castplatform.com
  • fastcleanpro.com
  • hitwebcounter.com
  • ib.adnxs.com
  • pixel.traffiliate.com
  • secure.adnxs.com
  • stage.traffiliate.com
  • www.download.windowsupdate.com
  • www.google-analytics.com
