PC-ATI est une équipe de bénévoles qui vous apporte une assistance entièrement gratuite, inscrivez-vous pour participer au forum.

PC Fix Speed

Guide d'auto-assistance pour la suppression des logiciels malveillants
Verrouillé
Avatar du membre
Amesam
Administrateur du site
Messages : 364
Enregistré le : lun. 5 juin 2017 17:23

PC Fix Speed

Message par Amesam » sam. 23 juin 2018 20:22

Qu'est-ce que PC Fix Speed ?


L'équipe de recherche Malwarebytes a déterminé que PC Fix Speed est un faux programme d'optimisation.
Il utilise des faux positifs pour convaincre les utilisateurs que leurs systèmes est remplit d'erreurs à corriger. Ensuite, il essaie de vous vendre son logiciel, en prétendant que cela supprimera ces problèmes.

Malwarebytes peut détecter et supprimer ce programme potentiellement indésirable (PUP.Optional.PCFixSpeed).


Image


Détails techniques :

Lignes possibles dans les rapports FRST :

Code : Tout sélectionner

(Crawler Group, LLC) C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
(Crawler Group, LLC) C:\Program Files (x86)\PCFixSpeed\PCFixSpeed.exe
HKLM-x32\...\Run: [PCFixSpeed] => C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe [1309464 2015-09-07] (Crawler Group, LLC)
C:\Users\{username}\AppData\Roaming\PCFixSpeed
C:\ProgramData\PCFixSpeed
C:\Program Files (x86)\PCFixSpeed
C:\Users\Public\Desktop\Optimize Your PC.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed

PC Fix Speed 2.2.0.107 (HKLM-x32\...\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1) (Version: 2.2.0.107 - Crawler Group) <==== ATTENTION

Modifications apportées :

Code : Tout sélectionner

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\PCFixSpeed
       Adds the file PCFixSpeed.exe"="9/7/2015 1:00 AM, 11811096 bytes, A
       Adds the file PCFixTray.exe"="9/7/2015 1:00 AM, 1309464 bytes, A
       Adds the file unins000.dat"="5/16/2018 11:06 AM, 33701 bytes, A
       Adds the file unins000.exe"="5/16/2018 11:06 AM, 1222976 bytes, A
       Adds the file unins000.msg"="5/16/2018 11:06 AM, 10684 bytes, A
    Adds the folder C:\Program Files (x86)\PCFixSpeed\Update
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
       Adds the file PC Fix Speed.lnk"="5/16/2018 11:06 AM, 981 bytes, A
       Adds the file PCFixSpeed.com.url"="5/16/2018 11:06 AM, 52 bytes, A
       Adds the file Uninstall PC Fix Speed.lnk"="5/16/2018 11:06 AM, 971 bytes, A
    Adds the folder C:\ProgramData\PCFixSpeed\Backup
       Adds the file boost_20180516_110753.xml"="5/16/2018 11:07 AM, 1168 bytes, A
    Adds the folder C:\ProgramData\PCFixSpeed\Startup
    Adds the folder C:\Users\{username}\AppData\Roaming\PCFixSpeed
       Adds the file faq.htm"="5/16/2018 11:07 AM, 13812 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\PCFixSpeed\News
       Adds the file 102_en_1.pngx"="5/16/2018 11:07 AM, 11267 bytes, A
       Adds the file 103_en_1.pngx"="5/16/2018 11:07 AM, 11147 bytes, A
       Adds the file 105_en_2.pngx"="5/16/2018 11:07 AM, 26012 bytes, A
       Adds the file 111_en_1.pngx"="5/16/2018 11:07 AM, 11193 bytes, A
       Adds the file 113_en_1.pngx"="5/16/2018 11:07 AM, 14794 bytes, A
       Adds the file 116_en_4.pngx"="5/16/2018 11:07 AM, 33287 bytes, A
       Adds the file 117_en_5.pngx"="5/16/2018 11:07 AM, 21780 bytes, A
       Adds the file 118_en_4.pngx"="5/16/2018 11:07 AM, 24668 bytes, A
       Adds the file 239_en_10.pngx"="5/16/2018 11:07 AM, 28573 bytes, A
       Adds the file 241_en_1.pngx"="5/16/2018 11:07 AM, 29151 bytes, A
       Adds the file 375_en_1.pngx"="5/16/2018 11:07 AM, 171919 bytes, A
       Adds the file 376_en_1.pngx"="5/16/2018 11:07 AM, 171922 bytes, A
       Adds the file 397_en_1.pngx"="5/16/2018 11:07 AM, 44317 bytes, A
       Adds the file 398_en_1.pngx"="5/16/2018 11:07 AM, 66651 bytes, A
       Adds the file 84_en_1.pngx"="5/16/2018 11:07 AM, 12426 bytes, A
       Adds the file 87_en_1.pngx"="5/16/2018 11:07 AM, 12399 bytes, A
       Adds the file 89_en_1.pngx"="5/16/2018 11:07 AM, 12420 bytes, A
       Adds the file 90_en_3.pngx"="5/16/2018 11:07 AM, 11365 bytes, A
       Adds the file 91_en_1.pngx"="5/16/2018 11:07 AM, 12430 bytes, A
       Adds the file 94_en_1.pngx"="5/16/2018 11:07 AM, 25031 bytes, A
       Adds the file 95_en_1.pngx"="5/16/2018 11:07 AM, 24028 bytes, A
       Adds the file 96_en_1.pngx"="5/16/2018 11:07 AM, 25223 bytes, A
       Adds the file 97_en_1.pngx"="5/16/2018 11:07 AM, 24170 bytes, A
       Adds the file 99_en_2.pngx"="5/16/2018 11:07 AM, 11365 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\PCFixSpeed\Startup
    In the existing folder C:\Users\Public\Desktop
       Adds the file Optimize Your PC.lnk"="5/16/2018 11:06 AM, 963 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
       "PCFixSpeed"="REG_SZ", ""C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\PCFixSpeed\PCFixSpeed.exe"
       "DisplayName"="REG_SZ", "PC Fix Speed 2.2.0.107"
       "DisplayVersion"="REG_SZ", "2.2.0.107"
       "EstimatedSize"="REG_DWORD", 14002
       "HelpLink"="REG_SZ", "http://www.PCFixSpeed.com/"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\PCFixSpeed"
       "Inno Setup: Deselected Tasks"="REG_SZ", ""
       "Inno Setup: Icon Group"="REG_SZ", "PC Fix Speed"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon"
       "Inno Setup: Setup Version"="REG_SZ", "5.3.8 (a)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20180516"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\PCFixSpeed\"
       "MajorVersion"="REG_DWORD", 2
       "MinorVersion"="REG_DWORD", 2
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Crawler Group"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\PCFixSpeed\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\PCFixSpeed\unins000.exe""
       "URLInfoAbout"="REG_SZ", "http://www.PCFixSpeed.com/"
       "URLUpdateInfo"="REG_SZ", "http://www.PCFixSpeed.com/"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PCFixSpeed]
       "(Default)"="REG_SZ", ""
       "CHECK_FOR_UPDATES"="REG_SZ", "1"
       "CREATE_SYSTEMRP"="REG_SZ", "0"
       "DELAY_STARTUP"="REG_SZ", "1"
       "INSTALL"="REG_BINARY, ....
       "INSTCFG"="REG_SZ", "42"
       "LANGUAGE"="REG_SZ", "en"
       "PARAM0"="REG_BINARY, ....
       "PHONE_NUMBER"="REG_SZ", "1-855-760-2497"
       "SCHEDULE_SCAN_DEF"="REG_SZ", "2"
       "SHOW_RESULTS"="REG_SZ", "1"
       "SHOW_TRAY"="REG_SZ", "1"
       "TRIAL_FIRST"="REG_SZ", "0"
       "TRIAL_LEN"="REG_SZ", "0"
       "TRIAL_NEXT"="REG_SZ", "0"
       "TT"="REG_BINARY, 
       "UID"="REG_SZ", "5014795939481923507"
       "UN_NEWS"="REG_SZ", "0"
       "UN_TRIAL"="REG_SZ", "0"
       "UPDSETUP_MSG"="REG_SZ", "1"
       "UPDSETUP_REPEAT"="REG_SZ", "7"
       "UPDSETUP_RUN"="REG_SZ", "0"
       "WSG_FIRST"="REG_SZ", "0"
       "WSG_FORM"="REG_SZ", "0"
       "WSG_SUP"="REG_SZ", "1"
    [HKEY_CURRENT_USER\Software\PCFixSpeed]
       "(Default)"="REG_SZ", ""
       "FIXED"="REG_BINARY, ....
       "LAST_CHECK"="REG_BINARY, ....
       "LAST_NEWS"="REG_BINARY, ....
       "LAST_UPDATE"="REG_BINARY, ....
       "LFRB"="REG_DWORD", 0
       "LFRE"="REG_DWORD", 0
       "LFRF"="REG_DWORD", 31
       "LFRS"="REG_QWORD, ....
       "LFRT"="REG_DWORD", 7
       "LRRB"="REG_DWORD", 0
       "LRRE"="REG_DWORD", 12
       "LRRF"="REG_DWORD", 1447
       "LRRS"="REG_QWORD, ....
       "LRRT"="REG_DWORD", 8
       "LSRB"="REG_DWORD", 0
       "LSRE"="REG_DWORD", 12
       "LSRF"="REG_DWORD", 1478
       "LSRS"="REG_QWORD, ....
       "LSRT"="REG_DWORD", 15
       "RESULTS"="REG_BINARY, ....
       "SCAN"="REG_BINARY, ....
       "SCHEDULE_SCAN"="REG_DWORD", 2
       "STARTUP_SCAN"="REG_SZ", "0"
       "TCF"="REG_DWORD", 1
       "TCS"="REG_DWORD", 1
       "TRB"="REG_DWORD", 0
       "TRE"="REG_DWORD", 0
       "TRF"="REG_DWORD", 31
       "TRS"="REG_QWORD, ....
       "TRT"="REG_DWORD", 7
    [HKEY_CURRENT_USER\Software\PCFixSpeed\AppMessages\-1]
       "category"="REG_SZ", "All"
       "defaulturl"="REG_SZ", ""
       "donotshowagain"="REG_DWORD", 0
       "form"="REG_SZ", ""
       "lastshow"="REG_BINARY, ....
       "lng"="REG_SZ", ""
       "minos"="REG_SZ", ""
       "name"="REG_SZ", ""
       "old"="REG_DWORD", 0
       "position"="REG_SZ", ""
       "postponeshow"="REG_BINARY, ....
       "related"="REG_SZ", ""
       "rules"="REG_SZ", ""
       "src"="REG_SZ", ""
       "trackid"="REG_SZ", ""
       "valid"="REG_DWORD", 0
       "version"="REG_DWORD", 0
       "versionfrom"="REG_SZ", ""
       "versionto"="REG_SZ", ""

Malwarebytes log :

Code : Tout sélectionner

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/16/18
Scan Time: 11:13 AM
Log File: 601577dd-58e9-11e8-9eda-080027235d76.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.5126
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 239577
Threats Detected: 48
Threats Quarantined: 48
Time Elapsed: 2 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 2
PUP.Optional.PCFixSpeed, C:\PROGRAM FILES (X86)\PCFIXSPEED\PCFIXSPEED.EXE, Quarantined, [3520], [228754],1.0.5126
PUP.Optional.PCFixSpeed, C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe, Quarantined, [3520], [228754],1.0.5126

Module: 2
PUP.Optional.PCFixSpeed, C:\PROGRAM FILES (X86)\PCFIXSPEED\PCFIXSPEED.EXE, Quarantined, [3520], [228754],1.0.5126
PUP.Optional.PCFixSpeed, C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe, Quarantined, [3520], [228754],1.0.5126

Registry Key: 3
PUP.Optional.PCFixSpeed, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1, Quarantined, [3520], [228754],1.0.5126
PUP.Optional.PCFixSpeed, HKCU\SOFTWARE\PCFixSpeed, Quarantined, [3520], [228757],1.0.5126
PUP.Optional.PCFixSpeed, HKLM\SOFTWARE\WOW6432NODE\PCFixSpeed, Quarantined, [3520], [228760],1.0.5126

Registry Value: 1
PUP.Optional.PCFixSpeed, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PCFixSpeed, Quarantined, [3520], [228754],1.0.5126

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 6
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\Startup, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\USERS\{username}\APPDATA\ROAMING\PCFIXSPEED, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC FIX SPEED, Quarantined, [3520], [228755],1.0.5126
PUP.Optional.PCFixSpeed, C:\Program Files (x86)\PCFixSpeed\Update, Quarantined, [3520], [228754],1.0.5126
PUP.Optional.PCFixSpeed, C:\PROGRAM FILES (X86)\PCFIXSPEED, Quarantined, [3520], [228754],1.0.5126

File: 34
PUP.Optional.PCPowerSpeed, C:\USERS\PUBLIC\DESKTOP\OPTIMIZE YOUR PC.LNK, Quarantined, [1266], [190049],1.0.5126
PUP.Optional.PCFixSpeed, C:\USERS\{username}\APPDATA\ROAMING\PCFIXSPEED\FAQ.HTM, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\87_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\102_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\103_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\105_en_2.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\111_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\113_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\116_en_4.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\117_en_5.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\118_en_4.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\239_en_10.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\241_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\375_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\376_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\397_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\398_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\84_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\89_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\90_en_3.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\91_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\94_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\95_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\96_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\97_en_1.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\Users\{username}\AppData\Roaming\PCFixSpeed\News\99_en_2.pngx, Quarantined, [3520], [230396],1.0.5126
PUP.Optional.PCFixSpeed, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC FIX SPEED\PC FIX SPEED.LNK, Quarantined, [3520], [228755],1.0.5126
PUP.Optional.PCFixSpeed, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed\PCFixSpeed.com.url, Quarantined, [3520], [228755],1.0.5126
PUP.Optional.PCFixSpeed, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed\Uninstall PC Fix Speed.lnk, Quarantined, [3520], [228755],1.0.5126
PUP.Optional.PCFixSpeed, C:\PROGRAM FILES (X86)\PCFIXSPEED\PCFIXSPEED.EXE, Quarantined, [3520], [228754],1.0.5126
PUP.Optional.PCFixSpeed, C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe, Quarantined, [3520], [228754],1.0.5126
PUP.Optional.PCFixSpeed, C:\Program Files (x86)\PCFixSpeed\unins000.dat, Quarantined, [3520], [228754],1.0.5126
PUP.Optional.PCFixSpeed, C:\Program Files (x86)\PCFixSpeed\unins000.exe, Quarantined, [3520], [228754],1.0.5126
PUP.Optional.PCFixSpeed, C:\Program Files (x86)\PCFixSpeed\unins000.msg, Quarantined, [3520], [228754],1.0.5126

Physical Sector: 0
(No malicious items detected)


(end)

Publication autorisée par le Staff de Malwarebytes
Source

Image

Verrouillé