
Ieproxye.dll.rar and lot.rar (Windows Script Host)

SCORPION2016 - Messages posted: 2 - Registered: Friday 13 October 2017 - Last activity: 13 October 2017 - Last reply on 13 Oct. 2017 at 18:08 by Malekal_morte-

Hello,

I get two error messages (Windows Script Host)
that appear every time my PC starts, and this began only recently.

Sending the 3 FRST reports that were generated:

FRST.txt - https://pjjoint.malekal.com/files.php?id=FRST_20171013_w13j5g13s8z13
Shortcut.txt - https://pjjoint.malekal.com/files.php?id=20171013_x12w14q12i1110
Additionnal.txt - https://pjjoint.malekal.com/files.php?id=20171013_b15s5c11i14t15

Thanks in advance.

Sorry for my French!
Lucas.
Hi,

This computer has been infected with trojans since May, most likely because of a downloaded crack.


Here is the fix to apply with FRST. You can refer to this explanatory note with screenshots.

Open Notepad: Windows key + R,
In the "Run" box, type notepad and click OK.
Copy/paste the following into it:

CreateRestorePoint:
CloseProcesses:
cmd: netsh winsock reset
HKLM-x32\...\RunOnce: [Svchost] => c:\windows\system\svchost.exe [211860 2017-08-25] (Microsoft) <==== ATTENTION
ProxyServer: [S-1-5-21-3089380956-3616893820-1216415938-1001] => http=;ftp=;https=;
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 18 C:\WINDOWS\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 18 C:\WINDOWS\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Assistant.lnk [2017-10-13]
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gestionnaire.lnk [2017-10-13]
2017-08-25 08:42 - 2017-08-25 08:42 - 000211986 __RSH (Microsoft) C:\Users\Lucas\AppData\Roaming\mrsys.exe
2017-09-22 18:46 - 2017-09-22 18:47 - 000270218 ___SH (Microsoft) C:\Users\Lucas\AppData\Roaming\System.exe,
2017-08-25 08:42 - 2017-10-13 09:06 - 000211903 _____ (Microsoft) C:\Users\Lucas\AppData\Local\icsys.icn.exe
2017-05-05 10:56 - 2017-05-05 10:56 - 000211878 __RSH (Microsoft) C:\Users\Lucas\AppData\Local\stsys.exe
2017-10-11 18:01 - 2017-10-12 09:06 - 000001463 _____ C:\Users\Lucas\Desktop\Bloquear archivos en el Firewall.rar
2017-10-11 10:02 - 2017-10-11 10:03 - 163749038 ___SH C:\setup10.exe
2017-10-11 10:02 - 2017-10-11 10:02 - 000532480 ___SH (Indigo Rose Corporation) C:\autorun.exe
2017-10-11 10:02 - 2017-10-11 10:02 - 000000000 ____D C:\DATA
2017-10-11 10:01 - 2017-10-11 10:02 - 000000000 ____D C:\Opti10
2017-10-10 20:30 - 2017-10-11 09:06 - 095794155 ____R C:\Users\Lucas\Downloads\New emulators AIO 2017.rar
2017-10-10 20:25 - 2017-10-11 08:41 - 1045923840 _____ C:\Users\Lucas\Downloads\Optitex 17.0.29.0.iso [Pays US - 17.0.29.0]
2017-10-10 20:07 - 2017-10-11 10:01 - 000000000 ____D C:\Users\Lucas\Downloads\OPTITEX10NEW
2017-10-10 20:02 - 2017-10-11 09:05 - 000000000 ____D C:\Users\Lucas\Downloads\Gerber Accumark Family Apparel Design 8.2.0.156 (Working Crack With Detailed install instructions)
2017-10-10 18:38 - 2017-10-10 18:38 - 000000000 ____D C:\Users\Lucas\AppData\LocalLow\Adobe
2017-10-10 18:28 - 2017-10-10 18:28 - 000000000 ____D C:\Users\Lucas\Desktop\Optitex 15.0.198
2017-10-10 11:41 - 2017-10-10 11:41 - 000000000 ____D C:\Users\Lucas\Documents\Strategies support
2017-10-09 08:58 - 2017-10-09 09:03 - 000000000 ____D C:\Users\Lucas\Desktop\Patch_DFoX_v2.4 Nero2017_v18.x - luqueenterprises.com
2017-10-09 08:42 - 2017-10-09 08:42 - 000000000 ____D C:\Users\Lucas\Desktop\Nero 2017 Platinum + Serial Full RIKITECH
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:


Once the text is pasted into Notepad,
"File" menu, then "Save As",
On the left, go to the Desktop,
In the field at the bottom, enter the file name: fixlist.txt
Click "Save"; this creates fixlist.txt on the Desktop.

Run FRST again and click the "Corriger / Fix" button.
A reboot may be needed (not mandatory).
A text file appears; copy/paste its contents here in a new message.

Restart the computer.


2°)
Finish with a Malwarebytes clean-up - Malwarebytes Anti-Malware free version tutorial
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Lucas (13-10-2017 09:36:56) Run:1
Running from c:\Users\Lucas\Desktop
Loaded Profiles: Lucas (Available Profiles: Lucas & Lucas Estandar)
Boot Mode: Normal
==============================================

fixlist content:

CREATERESTOREPOINT:
CloseProcesses:
cmd: netsh winsock restablecer
HKLM-x32 \ ... \ RunOnce: [Svchost] => c: \ windows \ system \ svchost.exe [211860 08/25/2017] (Microsoft) <==== PRECAUCIÓN
ProxyServer: [S-1-5-21-3089380956-3616893820-1216415938-1001] => = http, ftp =; = https;
Winsock: Catalog9 01 C: \ WINDOWS \ SysWOW64 \ SafeIPs.dll [384000 08.03.2015] (SafeIP)
Winsock: Catalog9 02 C: \ WINDOWS \ SysWOW64 \ SafeIPs.dll [384000 08.03.2015] (SafeIP)
Winsock: Catalog9 03 C: \ WINDOWS \ SysWOW64 \ SafeIPs.dll [384000 08.03.2015] (SafeIP)
Winsock: Catalog9 04 C: \ WINDOWS \ SysWOW64 \ SafeIPs.dll [384000 08.03.2015] (SafeIP)
Winsock: Catalog9 18 C: \ WINDOWS \ SysWOW64 \ SafeIPs.dll [384000 08.03.2015] (SafeIP)
Winsock: Catalog9-x64 01 C: \ WINDOWS \ system32 \ SafeIPs64.dll [547328 03.08.2015] (SafeIP)
Winsock: Catalog9-x64 02 C: \ WINDOWS \ system32 \ SafeIPs64.dll [547328 08/03/2015 ] (SafeIP)
Winsock: Catalog9-x64 03 C: \ WINDOWS \ system32 \ SafeIPs64.dll [547328 03.08.2015] (SafeIP)
Winsock: Catalog9-x64 04 C: \ WINDOWS \ system32 \ SafeIPs64.dll [547 328 2015 -08 a 03] (SafeIP)
Winsock: Catalog9 64 x 18 C: \ WINDOWS \ system32 \ SafeIPs64.dll [547328 08/03/2015] (SafeIP)
inicio: C: \ Users \ Lucas \ AppData \ Roaming \ Microsoft \ windows \ Menú Inicio \ Programas \ Inicio \ Assistant.lnk [13/10/2017]
De inicio: C: \ Users \ Lucas \ AppData \ Roaming \ Microsoft \ windows \ Menú Inicio \ Programas \ Inicio \ Gestionnaire.lnk [2017-10 -13]
C: \ Usuarios \ Lucas \ AppData \ Roaming \ mrsys.exe
2017-09-22 18:46 - 2017-08-25 08:42 - 22 18:47 - 000270218 ___SH (Microsoft) C: \ Users \ Lucas \ AppData \ Roaming \ System.exe,
08/25/2017 8:42-9:06 13/10/2017 - 000 211 903 _____ (Microsoft) C: \ Users \ Lucas \ AppData \ local \ icsys.icn.exe
05.05.2017 10:56 - 05.05.2017 10:56 - 000211878 __RSH (Microsoft) C: \ Users \ Lucas \ AppData \ local \ stsys. exe
11/10/2017 18:01-09:06 12/10/2017 - _____ 000 001 463 C: \ Users \ Lucas \ Desktop \ Archivos bloquear en el Firewall.rar
11/10/2017 10:02 - 2017-10- 11 10:03 - 163749038 ___SH C: \ setup10.exe
11.10.2017 10:02 - 11.10.2017 10:02 - 000532480 ___SH (Indigo Rose Corporation) C: \ autorun.exe
10.11.2017 10:02 - 11.10.2017 10:02 - 000000000 ____D C: \ DATA
11.10.2017 10:01 - 11.10.2017 10:02 - 000000000 ____D C: \ Opti10
2017- 10-10 20:30-9:06 11/10/2017 - 095794155 ____R C: \ Users \ Lucas \ Descargas \ Nuevos emuladores AIO 2017.rar
10/10/2017 20:25-8:41 11/10/2017 - 1045923840 _____ C: \ Users \ Lucas \ Descargas \ Optitex 17.0.29.0.iso [País EEUU - 17.0.29.0]
10.10.2017 20:07 - 11.10.2017 10:01 - 000000000 ____D C: \ Users \ Lucas \ Descargas \ OPTITEX10NEW
10/10/2017 20:02-9:05 11/10/2017 - 000000000 ____D C: \ Users \ Lucas \ Descargas \ Gerber Accumark familia Apparel Design 8.2.0.156 (crack trabajo con instrucciones de instalación detalladas )
____D C: \ Usuarios \ Lucas \ AppData \ LocalLow \ Adobe
10/10/2017 18:28-18:28 10/10/2017 - 000000000 ____D C: \ Users \ Lucas \ Desktop \ Optitex 15.0.198
10/10/2017 11:41 - 10/10/2017 11:41 - 000000000 ____D C: \ Users \ Lucas \ Documents \ portadora Estrategias
10/09/2017 8:58-9:03 09/10/2017 - 000000000 ____D C: \ Users \ Lucas \ Desktop \ Patch_DFoX_v2.4 Nero2017_v18.x - luqueenterprises.com
2017-10-09 8:42-8:42 09/10/2017 - 000000000 ____D C: \ Users \ Lucas \ Desktop \ Nero Platinum 2017 + Serial RIKITECH completa
ejércitos:
EMPTYTEMP:
RemoveProxy:
reinicio:


Restore point was successfully created.
Processes closed successfully.

========= netsh winsock restablecer =========

No se encuentra el comando: winsock restablecer

========= End of CMD: =========

HKLM-x32 \ ... \ RunOnce: [Svchost] => c: \ windows \ system \ svchost.exe [211860 08/25/2017] (Microsoft) <==== PRECAUCIÓN => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3089380956-3616893820-1216415938-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000064 => key not found.
inicio: C: \ Users \ Lucas \ AppData \ Roaming \ Microsoft \ windows \ Menú Inicio \ Programas \ Inicio \ Assistant.lnk [13/10/2017] => Error: No automatic fix found for this entry.
De inicio: C: \ Users \ Lucas \ AppData \ Roaming \ Microsoft \ windows \ Menú Inicio \ Programas \ Inicio \ Gestionnaire.lnk [2017-10 -13] => Error: No automatic fix found for this entry.
C: \ Usuarios \ Lucas \ AppData \ Roaming \ mrsys.exe => Error: No automatic fix found for this entry.
"2017-09-22 18:46 - 2017-08-25 08:42 - 22 18:47 - 000270218 ___SH (Microsoft) C: \ Users \ Lucas \ AppData \ Roaming \ System.exe," => not found.
08/25/2017 8:42-9:06 13/10/2017 - 000 211 903 _____ (Microsoft) C: \ Users \ Lucas \ AppData \ local \ icsys.icn.exe => Error: No automatic fix found for this entry.
05.05.2017 10:56 - 05.05.2017 10:56 - 000211878 __RSH (Microsoft) C: \ Users \ Lucas \ AppData \ local \ stsys. exe => Error: No automatic fix found for this entry.
11/10/2017 18:01-09:06 12/10/2017 - _____ 000 001 463 C: \ Users \ Lucas \ Desktop \ Archivos bloquear en el Firewall.rar => Error: No automatic fix found for this entry.
11/10/2017 10:02 - 2017-10- 11 10:03 - 163749038 ___SH C: \ setup10.exe => Error: No automatic fix found for this entry.
11.10.2017 10:02 - 11.10.2017 10:02 - 000532480 ___SH (Indigo Rose Corporation) C: \ autorun.exe => Error: No automatic fix found for this entry.
10.11.2017 10:02 - 11.10.2017 10:02 - 000000000 ____D C: \ DATA => Error: No automatic fix found for this entry.
11.10.2017 10:01 - 11.10.2017 10:02 - 000000000 ____D C: \ Opti10 => Error: No automatic fix found for this entry.
2017- 10-10 20:30-9:06 11/10/2017 - 095794155 ____R C: \ Users \ Lucas \ Descargas \ Nuevos emuladores AIO 2017.rar => Error: No automatic fix found for this entry.
10/10/2017 20:25-8:41 11/10/2017 - 1045923840 _____ C: \ Users \ Lucas \ Descargas \ Optitex 17.0.29.0.iso [País EEUU - 17.0.29.0] => Error: No automatic fix found for this entry.
10.10.2017 20:07 - 11.10.2017 10:01 - 000000000 ____D C: \ Users \ Lucas \ Descargas \ OPTITEX10NEW => Error: No automatic fix found for this entry.
10/10/2017 20:02-9:05 11/10/2017 - 000000000 ____D C: \ Users \ Lucas \ Descargas \ Gerber Accumark familia Apparel Design 8.2.0.156 (crack trabajo con instrucciones de instalación detalladas ) => Error: No automatic fix found for this entry.
____D C: \ Usuarios \ Lucas \ AppData \ LocalLow \ Adobe => Error: No automatic fix found for this entry.
10/10/2017 18:28-18:28 10/10/2017 - 000000000 ____D C: \ Users \ Lucas \ Desktop \ Optitex 15.0.198 => Error: No automatic fix found for this entry.
10/10/2017 11:41 - 10/10/2017 11:41 - 000000000 ____D C: \ Users \ Lucas \ Documents \ portadora Estrategias => Error: No automatic fix found for this entry.
10/09/2017 8:58-9:03 09/10/2017 - 000000000 ____D C: \ Users \ Lucas \ Desktop \ Patch_DFoX_v2.4 Nero2017_v18.x - luqueenterprises.com => Error: No automatic fix found for this entry.
"2017-10-09 8:42-8:42 09/10/2017 - 000000000 ____D C: \ Users \ Lucas \ Desktop \ Nero Platinum 2017 + Serial RIKITECH completa" => not found.
ejércitos: => Error: No automatic fix found for this entry.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3089380956-3616893820-1216415938-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3089380956-3616893820-1216415938-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

reinicio: => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8652174 B
Java, Flash, Steam htmlcache => 12360 B
Windows/system/drivers => 13291046 B
Edge => 5302100 B
Chrome => 313996345 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 21348 B
NetworkService => 329126 B
Lucas => 551849131 B
Lucas Estandar => 19753 B

RecycleBin => 57974 B
EmptyTemp: => 862.2 MB temporary data Removed.

================================


The system needed a reboot.

End of Fixlog 09:39:50

OK, move on to Malwarebytes.
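
Each result line in the Fixlog posted above ends with an outcome after its final `=>` ("removed successfully", "not found", or "Error: No automatic fix found for this entry."). As an added example that is not part of the original thread and not FRST's own code, this sketch groups Fixlog lines by that outcome; the sample lines are constructed and shortened from the log above, and the outcome labels are this example's own names.

```python
import re
from collections import Counter

# Constructed sample: a few result lines shaped like the Fixlog above
# (shortened, placeholder SID; not a complete log).
SAMPLE_FIXLOG = r"""
HKLM-x32 \ ... \ RunOnce: [Svchost] => c: \ windows \ system \ svchost.exe <==== PRECAUCIÓN => Error: No automatic fix found for this entry.
HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000064 => key not found.
C: \ Usuarios \ Lucas \ AppData \ Roaming \ mrsys.exe => Error: No automatic fix found for this entry.
"2017-09-22 18:46 - 000270218 ___SH (Microsoft) C: \ Users \ Lucas \ AppData \ Roaming \ System.exe," => not found.
reinicio: => Error: No automatic fix found for this entry.
"""

# Result text (after the last " => ") mapped to this example's labels.
RESULT_RULES = [
    (re.compile(r"removed successfully\.?$"), "removed"),
    (re.compile(r"No automatic fix found for this entry\.?$"), "unrecognized"),
    (re.compile(r"not found\.?$"), "not_found"),
]

def classify(line):
    """Return (entry, outcome) for a Fixlog result line, else None."""
    # rpartition: an entry may itself contain " => " (see the RunOnce line).
    entry, sep, result = line.strip().rpartition(" => ")
    if not sep:
        return None  # section header, banner or blank line
    for pattern, outcome in RESULT_RULES:
        if pattern.search(result):
            return entry.strip('" '), outcome
    return None  # e.g. EmptyTemp size lines such as "Chrome => 313996345 B"

def triage(fixlog_text):
    """Count outcomes and list every entry that was not removed."""
    counts, unresolved = Counter(), []
    for line in fixlog_text.splitlines():
        parsed = classify(line)
        if parsed is None:
            continue
        entry, outcome = parsed
        counts[outcome] += 1
        if outcome != "removed":
            unresolved.append((outcome, entry))
    return counts, unresolved

if __name__ == "__main__":
    counts, unresolved = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for outcome, entry in unresolved:
        print(f"{outcome:12} {entry}")
```
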