PUPs in quarantine

Solved/Closed
Xohama - 28 April 2019 at 11:16
Xohama - 28 April 2019 at 12:18
Hello,
I had a friend run an AdwCleaner scan because she found her PC slow, and her browser too... 109 PUPs went into quarantine...
Should they be deleted?
There's a bit of everything:
some optional.legacy
optional.searchmanager
optional.winrepairpro
optional.InstallCore
etc., etc., etc.

2 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 651
28 April 2019 at 11:22
Hi,

To check your computer for possible infections and get an overall picture of the system's state:

Follow the FRST tutorial by clicking this blue link. (Take the time to read it carefully; everything is explained there.)

Download FRST and run the scan.
Wait for the scan to finish; a message indicates that the analysis is complete.

Three FRST reports will be generated:
  • FRST.txt
  • Shortcut.
  • Additionnal.txt

Upload these 3 reports to https://pjjoint.malekal.com/ and, in return, post the 3 pjjoint links that lead to the reports here in a new reply so that we can look at them.

(The blue links lead to step-by-step tutorials; click them for more detailed instructions to follow.)


3
As I said, it's not my PC...
Here is the AdwCleaner report:
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-23.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-28-2019
# Duration: 00:00:18
# OS: Windows 10 Home
# Scanned: 27222
# Detected: 109
***** [ Services ] *****


PUP.Optional.ByteFence ByteFenceService
PUP.Optional.ByteFence rtop
PUP.Optional.Legacy MustangService_2015_10_10
PUP.Optional.WinZipRegistryOptimizer WinZip Smart Monitor Service
***** [ Folders ] *****


PUP.Optional.ByteFence C:\Program Files\ByteFence
PUP.Optional.ByteFence C:\ProgramData\ByteFence
PUP.Optional.ByteFence C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
PUP.Optional.Legacy C:\Program Files\WinZip Smart Monitor
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip Driver Updater
PUP.Optional.Legacy C:\ProgramData\WinZip\WinZip Driver Updater
PUP.Optional.Legacy C:\ProgramData\WinZip\WinZip Smart Monitor
PUP.Optional.Legacy C:\Users\Public\Documents\Guid
PUP.Optional.Legacy C:\Users\cathe_000\AppData\Roaming\cacaoweb
PUP.Optional.TempMoudleSet C:\ProgramData\TempMoudleSet
PUP.Optional.WinZipDriverUpdater C:\Program Files\WinZip Driver Updater
***** [ Files ] *****

PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\ScreenShot.lnk
PUP.Optional.Legacy C:\Users\cathe_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ScreenShot.lnk
PUP.Optional.MindSpark C:\Users\cathe_000\AppData\Local\Google\Chrome\User Data\Default\LOCAL STORAGE\HTTP_EASYDOCMERGE.DL.MYWAY.COM_0.LOCALSTORAGE
PUP.Optional.MindSpark C:\Users\cathe_000\AppData\Local\Google\Chrome\User Data\Default\LOCAL STORAGE\HTTP_EASYDOCMERGE.DL.MYWAY.COM_0.LOCALSTORAGE-JOURNAL
PUP.Optional.MindSpark C:\Users\cathe_000\AppData\Local\Google\Chrome\User Data\Default\LOCAL STORAGE\HTTP_EASYDOCMERGE.DL.TB.ASK.COM_0.LOCALSTORAGE
PUP.Optional.MindSpark C:\Users\cathe_000\AppData\Local\Google\Chrome\User Data\Default\LOCAL STORAGE\HTTP_EASYDOCMERGE.DL.TB.ASK.COM_0.LOCALSTORAGE-JOURNAL
PUP.Optional.MindSpark C:\Users\cathe_000\AppData\Local\Google\Chrome\User Data\Default\LOCAL STORAGE\HTTP_EASYPDFCOMBINE.DL.MYWAY.COM_0.LOCALSTORAGE
PUP.Optional.MindSpark C:\Users\cathe_000\AppData\Local\Google\Chrome\User Data\Default\LOCAL STORAGE\HTTP_EASYPDFCOMBINE.DL.MYWAY.COM_0.LOCALSTORAGE-JOURNAL
PUP.Optional.MindSpark C:\Users\cathe_000\AppData\Local\Google\Chrome\User Data\Default\LOCAL STORAGE\HTTP_EASYPDFCOMBINE.DL.TB.ASK.COM_0.LOCALSTORAGE
PUP.Optional.MindSpark C:\Users\cathe_000\AppData\Local\Google\Chrome\User Data\Default\LOCAL STORAGE\HTTP_EASYPDFCOMBINE.DL.TB.ASK.COM_0.LOCALSTORAGE-JOURNAL
***** [ DLL ] *****


No malicious DLLs found.
***** [ WMI ] *****

No malicious WMI found.
***** [ Shortcuts ] *****


No malicious shortcuts found.
***** [ Tasks ] *****


PUP.Adware.Heuristic C:\Windows\System32\Tasks\Start WinZip Driver Updater Update
PUP.Adware.Heuristic C:\Windows\System32\Tasks\Start WinZip Driver Updater for PCCATHY@Lucas(logon)
PUP.Adware.Heuristic C:\Windows\System32\Tasks\Start WinZip Driver Updater for PCCATHY@cathe_000(logon)
PUP.Adware.Heuristic C:\Windows\Tasks\Start WinZip Driver Updater for PCCATHY@Lucas(logon).job
PUP.Adware.Heuristic C:\Windows\Tasks\Start WinZip Driver Updater for PCCATHY@cathe_000(logon).job
PUP.Optional.ByteFence C:\Windows\System32\Tasks\BYTEFENCE
PUP.Optional.SysTweak C:\Windows\System32\Tasks\START WINZIP DRIVER UPDATER SCHEDULE
***** [ Registry ] *****

PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DFD6CBFD-0FAC-44D1-86BD-ACAEDCBD05E0}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{17620239-B27D-493D-8E57-58579053FE21}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{39312E0C-549E-4286-AD00-CC92D267797F}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DFD6CBFD-0FAC-44D1-86BD-ACAEDCBD05E0}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start WinZip Driver Updater Update
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start WinZip Driver Updater for PCCATHY@Lucas(logon)
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start WinZip Driver Updater for PCCATHY@cathe_000(logon)
PUP.Optional.AdvancedPCCare HKLM\Software\AppApcVerifier
PUP.Optional.ByteFence HKCU\Software\ByteFence
PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{EFB2D622-D236-4BCA-86F8-1CA0FB461408}
PUP.Optional.ByteFence HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence
PUP.Optional.ByteFence HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.ByteFence HKLM\Software\ByteFence
PUP.Optional.ByteFence HKLM\Software\Wow6432Node\ByteFence
PUP.Optional.ByteFence HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
PUP.Optional.ByteFence HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
PUP.Optional.ByteFence HKLM\System\CurrentControlSet\Services\EventLog\Application\ByteFenceService
PUP.Optional.ByteFence HKU.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence HKU\S-1-5-18\Software\ByteFence
PUP.Optional.Elex HKLM\Software\Classes\TypeLib{8DD92279-9B04-4C6F-A862-EF3C24603804}
PUP.Optional.Elex HKLM\Software\Wow6432Node\RayDld
PUP.Optional.Elex HKLM\Software\Wow6432Node\Classes\TypeLib{8DD92279-9B04-4C6F-A862-EF3C24603804}
PUP.Optional.Elex HKLM\Software\Wow6432Node\ihpmserver
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mystartsearch.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mystartsearch.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mystartsearch.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.mystartsearch.com
PUP.Optional.Legacy HKCU\Software\Ecommfactory
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cacaoweb
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cacaoweb
PUP.Optional.Legacy HKCU\Software\cacaoweb
PUP.Optional.Legacy HKLM\SOFTWARE\Classes*\shell\ByteFence File Scan
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{6CA7696B-09AF-4550-A406-7F1AD6CCA574}C:\users\cathe_000\appdata\roaming\cacaoweb\cacaoweb.exe
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{C640702E-DE1C-4FC5-A816-978364D69574}C:\users\temp\appdata\roaming\cacaoweb\cacaoweb.exe
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F22C9AAA-4341-4720-866C-723EFCBEA83A}C:\users\cathe_000\appdata\roaming\cacaoweb\cacaoweb.exe
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{2C83EACD-E620-4F6B-B6CF-94D746D406AF}C:\users\cathe_000\appdata\roaming\cacaoweb\cacaoweb.exe
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{3296982B-EC1A-479B-8F73-FB26481FB3C3}C:\users\temp\appdata\roaming\cacaoweb\cacaoweb.exe
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{4211E126-3077-4D92-B742-A6191B1DA280}C:\users\cathe_000\appdata\roaming\cacaoweb\cacaoweb.exe
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\SearchScopes{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\SearchScopes{26080cad-4adc-49ac-8c63-eda16e595cbd}
PUP.Optional.Legacy HKLM\Software\WebBar
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes{26080cad-4adc-49ac-8c63-eda16e595cbd}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
PUP.Optional.Legacy HKLM\Software\pcv-var
PUP.Optional.MyStartSearch.ShrtCln HKLM\Software\Wow6432Node\mystartsearchSoftware
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP
PUP.Optional.ScreenShot HKLM\Software\Wow6432Node\ScreenShot
PUP.Optional.ScreenShot HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ScreenShot
PUP.Optional.SearchManager HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
PUP.Optional.SearchManager HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
PUP.Optional.SlimCleanerPlus HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\castplatform.com
PUP.Optional.SlimCleanerPlus HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cdn.castplatform.com
PUP.Optional.SlimCleanerPlus HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\castplatform.com
PUP.Optional.SlimCleanerPlus HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cdn.castplatform.com
PUP.Optional.SlimCleanerPlus HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
PUP.Optional.SlimCleanerPlus HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
PUP.Optional.SysTweak HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{B8DFFF4B-74F9-48C0-9DA6-467362E315D5}
PUP.Optional.SysTweak HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B8DFFF4B-74F9-48C0-9DA6-467362E315D5}
PUP.Optional.SysTweak HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start WinZip Driver Updater Schedule
PUP.Optional.Vittalia HKCU\Software\Vittalia
PUP.Optional.WinZipDriverUpdater HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Driver Updater
PUP.Optional.WinZipMalwareProtector HKLM\System\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector
***** [ Chromium (and derivatives) ] *****


PUP.Optional.Legacy MSN Homepage & Bing Search Engine
PUP.Optional.SearchManager Search Manager
PUP.Optional.SearchManager Search Manager
***** [ Chromium URLs ] *****


No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****


No malicious Firefox entries found.
***** [ Firefox URLs ] *****


No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
0
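Added example, not part of the thread and not Malwarebytes code: one way to triage a scan log like the one posted above, grouping the detections by family and pulling out the entries that start with Windows (services, scheduled tasks, Run keys). The function names `parse` and `summarize`, the `<family> <object>` line layout and the choice of what counts as autostart are assumptions of this sketch; the sample is constructed from a few lines of the log.

```python
import re
from collections import Counter

# Constructed sample in the AdwCleaner scan-log layout (entries taken from the log above).
SAMPLE_LOG = r"""
# Mode: Scan
# Detected: 7
***** [ Services ] *****
PUP.Optional.ByteFence ByteFenceService
PUP.Optional.Legacy MustangService_2015_10_10
***** [ Folders ] *****
PUP.Optional.ByteFence C:\Program Files\ByteFence
***** [ DLL ] *****
No malicious DLLs found.
***** [ Tasks ] *****
PUP.Adware.Heuristic C:\Windows\System32\Tasks\Start WinZip Driver Updater Update
***** [ Registry ] *****
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cacaoweb
PUP.Optional.Legacy HKCU\Software\cacaoweb
PUP.Optional.InstallCore HKCU\Software\csastats
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

# Section header; also accepts the "• [ Tasks ] **" form left by forum rendering.
SECTION = re.compile(r"^\s*(?:\*+|•)\s*\[\s*(.+?)\s*\]")
DETECTION = re.compile(r"^([A-Za-z]+(?:\.\w+)+)\s+(.+)$")   # "<family> <object>"
AUTOSTART_KEY = re.compile(r"\\CurrentVersion\\Run(\||\\|$)", re.I)

def parse(log):
    """Return (section, family, target) for every detection line in the log."""
    section, rows = None, []
    for line in log.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := DETECTION.match(line)):
            rows.append((section, m.group(1), m.group(2)))
    return rows

def summarize(rows):
    """Count detections per family and list the entries that run at boot or logon."""
    families = Counter(family for _, family, _ in rows)
    autostart = [r for r in rows
                 if r[0] in ("Services", "Tasks") or AUTOSTART_KEY.search(r[2])]
    return families, autostart

if __name__ == "__main__":
    families, autostart = summarize(parse(SAMPLE_LOG))
    print(families.most_common())
    for section, family, target in autostart:
        print(f"autostart [{section}] {family}: {target}")
```

Run over the full report, the per-family counts show which bundled products account for the 109 detections, and the autostart list shows which of them were set to launch at every boot or logon.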
Malekal_morte
28 April 2019 at 11:37
You got caught by an InstallCore installer, a PUP (potentially unwanted programs) platform that is offered on download sites or through fake Java or Flash updates.
It offers to install Chromium to force Yahoo!, ByteFence, Avast!, McAfee Security Advisor or McAfee LiveSafe.
To avoid getting caught again, read: PUPs InstallCore

Run FRST.
0
Do I have to run FRST?
I know how to do it, but my friend doesn't, and I have a feeling it's going to be rather complicated x)
I'm willing to do a TeamViewer session, but that is likely to be hard enough for her already x)

My only question is:
Should all these quarantined files be deleted?
0
Malekal_morte > Xohama
28 April 2019 at 12:00
Yes.
0
Xohama > Malekal_morte
28 April 2019 at 12:16
Yes?
0
Malekal_morte > Xohama
28 April 2019 at 12:17
You can delete what AdwCleaner detects.
0
Xohama > Malekal_morte
28 April 2019 at 12:18
Very well, thank you.
0