
System Diagnostics

Amesam
Site Administrator

Post by Amesam » Thu 21 Jun 2018 19:44

What is System Diagnostics?


The Malwarebytes research team has determined that System Diagnostics is a fake system optimizer.
It uses false positives to convince users that their systems are full of errors that need fixing. It then tries to sell them its software, claiming that this will remove those problems.

Malwarebytes can detect and remove this potentially unwanted program (PUP.Optional.PCVARK, PUP.Optional.WinYahoo).


Technical details:

Possible lines in FRST reports:


(SystemDiagnostics.com) C:\Program Files (x86)\System Diagnostics\PCDUI.exe
C:\Users\Public\Desktop\System Diagnostics.lnk
C:\Users\{username}\AppData\Roaming\SystemDiagnostics.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Diagnostics
C:\Program Files (x86)\System Diagnostics
C:\Users\{username}\Desktop\sysdsetupsite.exe

System Diagnostics (HKLM-x32\...\75C0CFDE-332C-4C62-9264-418F03AE2CD8_is1) (Version: 1.0.0.0 - pccheckuppro.com)

Changes made:


File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\System Diagnostics
       Adds the file AMPIEDecoder.dll"="1/28/2016 4:33 PM, 166912 bytes, A
       Adds the file HtmlRenderer.dll"="5/6/2015 10:38 AM, 221696 bytes, A
       Adds the file HtmlRenderer.WinForms.dll"="5/6/2015 10:38 AM, 60416 bytes, A
       Adds the file Interop.IWshRuntimeLibrary.dll"="6/13/2017 8:55 PM, 55528 bytes, A
       Adds the file Interop.WUApiLib.dll"="2/12/2016 2:18 PM, 86016 bytes, A
       Adds the file Microsoft.TeamFoundation.Common.dll"="3/14/2013 11:05 PM, 680064 bytes, A
       Adds the file NAudio.dll"="3/5/2015 6:56 PM, 471040 bytes, A
       Adds the file Newtonsoft.Json.dll"="9/18/2015 6:21 PM, 465408 bytes, A
       Adds the file PCDEngine.dll"="6/13/2017 8:49 PM, 674304 bytes, A
       Adds the file PCDRes.dll"="6/6/2017 12:46 PM, 1848320 bytes, A
       Adds the file PCDUI.exe"="6/13/2017 8:55 PM, 1219816 bytes, A
       Adds the file PCDUI.exe.config"="6/6/2017 1:28 PM, 3398 bytes, A
       Adds the file System.Data.SQLite.DLL"="5/7/2015 4:37 PM, 290816 bytes, A
       Adds the file System.Data.SQLite.Linq.dll"="5/7/2015 4:37 PM, 196608 bytes, A
       Adds the file System.Threading.dll"="1/22/2016 9:15 PM, 387408 bytes, A
       Adds the file TAFactory.IconPack.dll"="7/17/2012 9:33 PM, 36864 bytes, A
       Adds the file unins000.dat"="5/11/2018 8:15 AM, 77053 bytes, A
       Adds the file unins000.exe"="5/11/2018 8:15 AM, 1264360 bytes, A
       Adds the file unins000.msg"="5/11/2018 8:15 AM, 22701 bytes, A
    Adds the folder C:\Program Files (x86)\System Diagnostics\langs
       Adds the file english_apc_en.ini"="5/15/2017 5:24 PM, 66374 bytes, A
    Adds the folder C:\Program Files (x86)\System Diagnostics\x64
       Adds the file SQLite.Interop.dll"="5/7/2015 4:37 PM, 1175552 bytes, A
    Adds the folder C:\Program Files (x86)\System Diagnostics\x86
       Adds the file SQLite.Interop.dll"="5/7/2015 4:37 PM, 854528 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Diagnostics
       Adds the file Buy System Diagnostics.lnk"="5/11/2018 8:15 AM, 1088 bytes, A
       Adds the file System Diagnostics.lnk"="5/11/2018 8:15 AM, 1076 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\SystemDiagnostics.com\System Diagnostics
       Adds the file Errorlog.txt"="5/11/2018 8:16 AM, 418 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\SystemDiagnostics.com\System Diagnostics\smico
    In the existing folder C:\Users\Public\Desktop
       Adds the file System Diagnostics.lnk"="5/11/2018 8:15 AM, 1058 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\75C0CFDE-332C-4C62-9264-418F03AE2CD8_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\System Diagnostics\PCDUI.exe"
       "DisplayName"="REG_SZ", "System Diagnostics"
       "DisplayVersion"="REG_SZ", "1.0.0.0"
       "EstimatedSize"="REG_DWORD", 9985
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\System Diagnostics"
       "Inno Setup: Icon Group"="REG_SZ", "System Diagnostics"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.9 (u)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20180511"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\System Diagnostics\"
       "MajorVersion"="REG_DWORD", 1
       "MinorVersion"="REG_DWORD", 0
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "pccheckuppro.com"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\System Diagnostics\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\System Diagnostics\unins000.exe""
       "VersionMajor"="REG_DWORD", 1
       "VersionMinor"="REG_DWORD", 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\pcv-vars]
       "affiliateid"="REG_SZ", ""
       "country"="REG_SZ", ""
       "efophone"="REG_SZ", "(855)-392-7237"
       "LangCode"="REG_SZ", "en"
       "phone"="REG_SZ", "(877)-883-7061"
       "pxl"="REG_SZ", ""
       "showefono"="REG_DWORD", 1
       "utm_campaign"="REG_SZ", "sysd"
       "utm_medium"="REG_SZ", "sysd"
       "utm_pubid"="REG_SZ", ""
       "utm_source"="REG_SZ", "sysd"
       "x-at"="REG_SZ", ""
       "x-context"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SystemDiagnostics.com\System Diagnostics]
       "affiliateid"="REG_SZ", ""
       "affired"="REG_DWORD", 1
       "afterInstallUrl"="REG_SZ", "http://www.pccheckuppro.com/apc/afterinstall/?"
       "cbkpoff"="REG_DWORD", 1
       "country"="REG_SZ", ""
       "cta"="REG_DWORD", 0
       "delay"="REG_DWORD", 0
       "EmailURL"="REG_SZ", "support@pccheckuppro.com"
       "expired"="REG_DWORD", 0
       "Installstring"="REG_SZ", "C:\Program Files (x86)\System Diagnostics"
       "isphone"="REG_DWORD", 1
       "issilent"="REG_DWORD", 0
       "LangCode"="REG_SZ", "en"
       "lcname"="REG_SZ", "Tech Live Connect"
       "msl"="REG_DWORD", 1
       "ovoffdis"="REG_DWORD", 0
       "phone"="REG_SZ", "(877)-883-7061"
       "Phone_at"="REG_SZ", "(800)-180-0926"
       "Phone_au"="REG_SZ", "1800-764-389"
       "Phone_ch"="REG_SZ", "(800)-180-0926"
       "Phone_de"="REG_SZ", "(800)-180-0926"
       "Phone_fr"="REG_SZ", "(334)-88627945"
       "Phone_gb"="REG_SZ", "(800)-404-8430"
       "Phone_lu"="REG_SZ", "(800)-180-0926"
       "Phone_uk"="REG_SZ", "(800)-404-8430"
       "Phone_us"="REG_SZ", "(877)-883-7061"
       "playsound"="REG_DWORD", 1
       "prereg"="REG_DWORD", 0
       "PurchaseURL"="REG_SZ", "http://www.pccheckuppro.com/sysd/price.asp?"
       "pxl"="REG_SZ", ""
       "reg"="REG_DWORD", 0
       "RenewURL"="REG_SZ", "http://www.pccheckuppro.com/sysd/renewal.asp?"
       "showtn"="REG_DWORD", 0
       "supporturl"="REG_SZ", "http://www.pccheckuppro.com/help/"
       "utm_campaign"="REG_SZ", "sysd"
       "utm_medium"="REG_SZ", "sysd"
       "utm_source"="REG_SZ", "sysd"
       "WebURL"="REG_SZ", "http://www.pccheckuppro.com/"
       "x-at"="REG_SZ", ""
       "x-context"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\U3lzdGVtRGlhZ25vc3RpY3MuY29t\U3lzdGVtIERpYWdub3N0aWNz\ACT]
       "data"="REG_BINARY, .....................................................................................................................................................................................................................................................................................................................................
    [HKEY_CURRENT_USER\Software\SystemDiagnostics.com\System Diagnostics]
       "affiliateid"="REG_SZ", ""
       "Installstring"="REG_SZ", "C:\Program Files (x86)\System Diagnostics"
       "LangCode"="REG_SZ", "en"
       "pxl"="REG_SZ", ""
       "utm_campaign"="REG_SZ", "sysd"
       "utm_medium"="REG_SZ", "sysd"
       "utm_pubid"="REG_SZ", ""
       "utm_source"="REG_SZ", "sysd"
       "x-at"="REG_SZ", ""
       "x-context"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\SystemDiagnostics.com\System Diagnostics\1.0.0.0]
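The last HKLM key in the registry details above hides its vendor and product names as base64 (they decode to SystemDiagnostics.com and System Diagnostics), which is why a plain text search for the product name misses it. As an added example that is not part of the original post or the Malwarebytes write-up, this Python helper decodes such key-path components so a registry dump can be tied back to the product; SAMPLE_KEYS is copied from the block above, and the helper names are my own.

```python
import base64
import binascii
import re

# Key paths copied from the "Registry details" block above (sample input).
SAMPLE_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SystemDiagnostics.com\System Diagnostics",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\U3lzdGVtRGlhZ25vc3RpY3MuY29t\U3lzdGVtIERpYWdub3N0aWNz\ACT",
    r"HKEY_CURRENT_USER\Software\SystemDiagnostics.com\System Diagnostics",
]

# A component is only a decode candidate if it is pure base64 alphabet, at least 8 chars,
# and a multiple of 4 long; ordinary key names like "Wow6432Node" (11 chars) are skipped.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


def decode_component(name):
    """Return the decoded text if `name` is base64 that decodes to printable ASCII, else None."""
    if not B64_RE.match(name) or len(name) % 4:
        return None
    try:
        raw = base64.b64decode(name, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    # "SOFTWARE" is valid base64 but decodes to non-ASCII bytes, so it is rejected here.
    if not text.isprintable() or not any(c.isalpha() for c in text):
        return None
    return text


def deobfuscate_key(path):
    """Return (path with decoded components, list of (encoded, decoded) pairs)."""
    out, pairs = [], []
    for part in path.split("\\"):
        decoded = decode_component(part)
        if decoded is None:
            out.append(part)
        else:
            out.append(decoded)
            pairs.append((part, decoded))
    return "\\".join(out), pairs


def find_obfuscated_keys(paths, product_names):
    """Paths with at least one encoded component whose decoded form names a known product."""
    hits = []
    for path in paths:
        plain, pairs = deobfuscate_key(path)
        if pairs and any(n.lower() in plain.lower() for n in product_names):
            hits.append((path, plain))
    return hits


if __name__ == "__main__":
    for original, plain in find_obfuscated_keys(SAMPLE_KEYS, ["SystemDiagnostics.com"]):
        print(original, "->", plain)
```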

Malwarebytes log:


-Log Details-
Scan Date: 5/11/18
Scan Time: 8:19 AM
Log File: 498020c7-54e3-11e8-a1d9-080027235d76.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.5066
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 239265
Threats Detected: 37
Threats Quarantined: 37
Time Elapsed: 2 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.PCVARK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\75C0CFDE-332C-4C62-9264-418F03AE2CD8_is1, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, HKCU\SOFTWARE\SystemDiagnostics.com, Quarantined, [401], [520053],1.0.5066
PUP.Optional.PCVARK, HKLM\SOFTWARE\WOW6432NODE\SystemDiagnostics.com, Quarantined, [401], [520052],1.0.5066
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\PCV-VARS, Quarantined, [246], [254813],1.0.5066

Registry Value: 1
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\PCV-VARS|AFFILIATEID, Quarantined, [246], [254813],1.0.5066

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\langs, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\x64, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\x86, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\PROGRAM FILES (X86)\SYSTEM DIAGNOSTICS, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\SystemDiagnostics.com\System Diagnostics\smico, Quarantined, [401], [520045],1.0.5066
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\SystemDiagnostics.com\System Diagnostics, Quarantined, [401], [520045],1.0.5066
PUP.Optional.PCVARK, C:\USERS\{username}\APPDATA\ROAMING\SYSTEMDIAGNOSTICS.COM, Quarantined, [401], [520045],1.0.5066

File: 25
PUP.Optional.PCVARK, C:\PROGRAM FILES (X86)\SYSTEM DIAGNOSTICS\UNINS000.DAT, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\langs\english_apc_en.ini, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\x64\SQLite.Interop.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\x86\SQLite.Interop.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\PCDEngine.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\AMPIEDecoder.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\HtmlRenderer.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\HtmlRenderer.WinForms.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\Interop.IWshRuntimeLibrary.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\Interop.WUApiLib.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\Microsoft.TeamFoundation.Common.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\NAudio.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\Newtonsoft.Json.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\PCDRes.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\PCDUI.exe, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\PCDUI.exe.config, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\System.Data.SQLite.DLL, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\System.Data.SQLite.Linq.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\System.Threading.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\TAFactory.IconPack.dll, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\unins000.exe, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Program Files (x86)\System Diagnostics\unins000.msg, Quarantined, [401], [520044],1.0.5066
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\SystemDiagnostics.com\System Diagnostics\Errorlog.txt, Quarantined, [401], [520045],1.0.5066
PUP.Optional.PCVARK, C:\USERS\{username}\DESKTOP\SYSDSETUPSITE.EXE, Quarantined, [401], [516157],1.0.5066
PUP.Optional.PCVARK, C:\USERS\{username}\DOWNLOADS\UNCONFIRMED 397119.CRDOWNLOAD, Quarantined, [401], [516157],1.0.5066

Physical Sector: 0
(No malicious items detected)


(end)

Published with permission from the Malwarebytes Staff