Topic: PCKeeper
Author: chantal11
« on: August 10, 2017, 17:23:56 »
Content republished with permission from Malwarebytes

PCKeeper is a fake cleaner/optimizer: it intentionally displays false positives to convince users that their system has problems and to get them to buy the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs

  • Installs as a program, either without the user's knowledge or because they did not uncheck the sponsored offers presented during the installation of a legitimate free program, or from the publisher's site

  • Displays these alerts during installation

  • Displays these screens during operation

  • Creates this icon in the Taskbar, on the Desktop and in the Start Menu

  • Creates these scheduled tasks








**********

Detection of PCKeeper in FRST reports:

Quote
AccountService (Version: 1.1.69 - Essentware) Hidden
PCKeeper (HKLM-x32\...\{E44BBEE3-3F83-4670-9E2E-EE0556442287}) (Version: 2.2.2031 - Essentware)
PCKeeper (Version: 2.2.2031 - Essentware) Hidden
Task: {A50DF640-C5D5-4802-B447-39A450808B54} - System32\Tasks\PCKeeper updater => C:\ProgramData\Essentware\installer.exe [2017-08-07] (Essentware) <==== ATTENTION
C:\Program Files\Essentware\PCKeeper\OneClickFixServicePS.dll
C:\Program Files\Essentware\PCKeeper\RegistryCleanerComponentPS.dll
C:\Program Files\Essentware\PCKeeper\SharedNativeLibraryPS.dll
C:\Program Files\Essentware\PCKeeper\DiskCleanerComponentPS.dll

(Essentware) C:\Program Files\Essentware\Common\AccountService.exe
(Essentware) C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe
(Essentware) C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe
(Essentware) C:\Program Files\Essentware\PCKeeper\PCKeeper.exe
HKCU\...\Run: [PCKeeperLive] => C:\Program Files\Essentware\PCKeeper\PCKeeper.exe [501328 2016-01-25] (Essentware)
R2 AccountService; C:\Program Files\Essentware\Common\AccountService.exe [211136 2016-02-29] (Essentware) <==== ATTENTION
R2 PCKeeper2Service; C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe [191816 2016-01-25] (Essentware) <==== ATTENTION
R2 PCKeeperOcfService; C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe [1136880 2016-01-25] (Essentware) <==== ATTENTION
S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32400 2016-01-25] () <==== ATTENTION
C:\Windows\System32\Tasks\PCKeeper updater
C:\Users\{Nom_Utilisateur}\AppData\Local\Essentware
C:\ProgramData\Essentware
C:\Users\Public\Desktop\PCKeeper.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentware
C:\Program Files\Essentware


**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
In the Premium version, Malwarebytes blocks the IP 69.50.196.239 and the domain hopto.today

Quote
PUP.Optional.PCKeeper




Illustrated tutorial for using Malwarebytes


Source: Removal instructions for PCKeeper by Metallica - Malwarebytes Forums



Still infected? Have a question before making any changes?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/ and make sure to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/
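The FRST lines quoted earlier in this post can be triaged automatically. The following is an added example, not part of the original post or of FRST or Malwarebytes: it parses service, scheduled-task and Run-key lines and reports why each one matches PCKeeper, which shows that the `fileHiders` driver line carries no vendor string and is only caught by name. The function names, the status decoding and the `ExampleSvc` line are assumptions made for the illustration.

```python
import re

# Indicators taken from the FRST excerpt in this post: vendor string,
# install-path component, and product/driver names.
VENDOR = "essentware"
PATH_PART = "\\essentware\\"
NAME_HINTS = ("pckeeper", "filehiders")

# Assumed reading of the FRST service prefix: letter = state, digit = start type.
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Tail shared by the line types handled here: "[size date] (company)".
TAIL = r" \[(?:(?P<size>\d+) )?(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)"
PATTERNS = (
    ("service", re.compile(
        r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?)" + TAIL)),
    ("task", re.compile(
        r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<path>.+?)" + TAIL)),
    ("run", re.compile(
        r"^HK[\w-]+\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?)" + TAIL)),
)


def parse_line(line):
    """Return a dict for a service/task/Run line, or None for anything else."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            entry = {"kind": kind, **m.groupdict()}
            if kind == "service":
                entry["status"] = (STATE[entry["state"]] + "/"
                                   + START.get(entry["start"], "unknown"))
            return entry
    return None


def match_reasons(entry):
    """List which indicator classes (vendor, path, name) the entry matches."""
    reasons = []
    if entry["company"].strip().lower() == VENDOR:
        reasons.append("vendor")
    if PATH_PART in entry["path"].lower():
        reasons.append("path")
    if any(hint in entry["name"].lower() for hint in NAME_HINTS):
        reasons.append("name")
    return reasons


def find_pckeeper(report_text):
    """Return parsed entries from an FRST report that match any indicator."""
    hits = []
    for line in report_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = match_reasons(entry)
        if reasons:
            entry["reasons"] = reasons
            hits.append(entry)
    return hits


# First line is constructed (benign control); the others are from the excerpt.
SAMPLE_REPORT = r"""
R2 ExampleSvc; C:\Program Files\Example\svc.exe [1000 2016-01-01] (Example Corp)
Task: {A50DF640-C5D5-4802-B447-39A450808B54} - System32\Tasks\PCKeeper updater => C:\ProgramData\Essentware\installer.exe [2017-08-07] (Essentware) <==== ATTENTION
HKCU\...\Run: [PCKeeperLive] => C:\Program Files\Essentware\PCKeeper\PCKeeper.exe [501328 2016-01-25] (Essentware)
R2 AccountService; C:\Program Files\Essentware\Common\AccountService.exe [211136 2016-02-29] (Essentware) <==== ATTENTION
S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32400 2016-01-25] () <==== ATTENTION
"""

if __name__ == "__main__":
    for hit in find_pckeeper(SAMPLE_REPORT):
        print(hit["kind"], hit["name"], hit.get("status", "-"), hit["reasons"])
```

A filter on the vendor string alone would miss the `fileHiders` driver, so the name list has to be kept alongside it.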
 
