Elektroda.com
Elektroda.com
X
Elektroda.com
Advanced Search
Elektroda.com

[Solved] Windows 10 Pro Auto-Settings Proxy Address & Entry: http=127.0.0.1:8080; https=127.0.0.1:8080

polishman694 3285 9
This content has been translated flag-pl » flag-en View the original version here.
| New topic
  • #1
    polishman694
    Level 7  
    In the attachment there is a picture of the Windows 10 pro screen and each time something sets the address at: http = 127.0.0.1: 8080; https = 127.0.0.1: 8080 and the entry at the address is set to:
    Attachments:
  • #4
    RADU23
    Moderator of Computers service
    In the directory where the program is located. See C: \ FRST
  • #6
    Kolobos
    IT specialist
    Instaluj zainfekowane aktywatory, narzekaj, ze "system" ustawia proxy...

    Odinstaluj:
    RunBooster
    youndoo - Uninstall

    Obok frst.exe utworz plik Fixlist.txt z zawartoscia:
    CustomCLSID: HKU\S-1-5-21-3334278068-2120902769-2795021655-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9A1A3B2A067D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
    Task: {2AC0384B-C44C-4CB3-BDCC-FFE4B0FA617D} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku C:\Program Files\Opera\launcher.exe [2018-01-22] (Opera Software)
    Task: {B582FA60-912F-4529-94D3-47E5ADBFCE38} - System32\Tasks\Optimize Thumbnail Cache Files => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" C:\WINDOWS\explorer.exe /NOUACCHECK
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {4211ffac-cc6e-11e7-9f9b-902b34916770} - "J:\setup.exe"
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {c4fad46a-cf92-11e7-9fa0-902b34916770} - "L:\setup.exe"
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {f7186c82-feda-11e7-a000-902b34916770} - "K:\HiSuiteDownLoader.exe"
    HKLM\...\Providers\l1vlz0bg: C:\Program Files (x86)\Jneghktasp Manager\local64spl.dll Brak pliku http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyEnable: [.DEFAULT] => Proxy [funkcja włączona]
    ProxyServer: [.DEFAULT] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
    RemoveProxy:
    BHO: Brak nazwy -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> Brak pliku
    C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl [2017-08-26]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    C:\Users\Denis\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd
    OPR Extension: (0) - C:\Users\Denis\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd [2017-08-26]
    R2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2017-03-26] () [Brak podpisu cyfrowego]
    R1 wfcre; C:\WINDOWS\System32\drivers\wfcre.sys [124288 2017-07-04] ()
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 ____H C:\Users\Denis\AppData\Local\BIT7D02.tmp
    2017-03-26 11:34 - 2017-12-16 15:22 - 000000259 _____ () C:\ProgramData\fontcacheev1.dat
    2017-03-27 18:34 - 2017-04-03 16:07 - 000000023 _____ () C:\Users\Denis\AppData\Roaming\HS.ini
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 ____H () C:\Users\Denis\AppData\Local\BIT7D02.tmp
    2017-11-03 20:18 - 2017-11-04 18:54 - 000000000 _____ () C:\Users\Denis\AppData\Local\debuggee.mdmp
    EmptyTemp:

    W FRST wybierz Napraw.
  • #7
    safbot1st
    Level 43  
    Uninstall RunBooster and youndoo. Are you knowingly using the "GamerHash" remote excavator ???
    Open the system notebook and paste: [code:1:31dc48bf62]
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyEnable: [.DEFAULT] => Proxy [funkcja włączona]
    ProxyServer: [.DEFAULT] => http=127.0.0.1:8080;https=127.0.0.1:8080
    Hosts:
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{9a30cac2-73b7-4647-9f1a-eca4b8393b12}: [DhcpNameServer] 192.168.2.23
    Tcpip\..\Interfaces\{b1fcf892-2802-45d0-9a59-edc5ca72ad8e}: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{e7103d77-5fe9-48de-b1b6-1279b0ee56ad}: [DhcpNameServer] 192.168.2.1
    ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
    BHO: Brak nazwy -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> Brak pliku
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    2017-03-27 18:34 - 2017-04-03 16:07 - 000000023 _____ () C:\Users\Denis\AppData\Roaming\HS.ini
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 ____H () C:\Users\Denis\AppData\Local\BIT7D02.tmp
    2017-11-03 20:18 - 2017-11-04 18:54 - 000000000 _____ () C:\Users\Denis\AppData\Local\debuggee.mdmp
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 _____ () C:\Users\Denis\AppData\Local\{FD3E904F-A32A-4813-AB4F-86D1C409B710}
    Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden %%systemroot%%\system32\shell32.dll => Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku)
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    Task: {2AC0384B-C44C-4CB3-BDCC-FFE4B0FA617D} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini"
  • Helpful post
    #8
    Kolobos
    IT specialist
    > I didn't know that, is it necessary?

    Yes -> https://www.fixitpc.pl/topic/23904-frst-tutorial-obs%C5%82ugi-farbar-recovery-scan-tool/

    > Additionally, I found such a tease. You have to turn off "hidden" to be able to uninstall.

    This is just a blank entry, the infection is no longer in the logs.

    The excavator will probably be scrapped, but we'll see what the author writes.
  • #9
    polishman694
    Level 7  
    Kolobos wrote:
    Instaluj zainfekowane aktywatory, narzekaj, ze "system" ustawia proxy...

    Odinstaluj:
    RunBooster
    youndoo - Uninstall

    Obok frst.exe utworz plik Fixlist.txt z zawartoscia:
    CustomCLSID: HKU\S-1-5-21-3334278068-2120902769-2795021655-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9A1A3B2A067D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
    Task: {2AC0384B-C44C-4CB3-BDCC-FFE4B0FA617D} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku C:\Program Files\Opera\launcher.exe [2018-01-22] (Opera Software)
    Task: {B582FA60-912F-4529-94D3-47E5ADBFCE38} - System32\Tasks\Optimize Thumbnail Cache Files => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" C:\WINDOWS\explorer.exe /NOUACCHECK
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {4211ffac-cc6e-11e7-9f9b-902b34916770} - "J:\setup.exe"
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {c4fad46a-cf92-11e7-9fa0-902b34916770} - "L:\setup.exe"
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {f7186c82-feda-11e7-a000-902b34916770} - "K:\HiSuiteDownLoader.exe"
    HKLM\...\Providers\l1vlz0bg: C:\Program Files (x86)\Jneghktasp Manager\local64spl.dll Brak pliku http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyEnable: [.DEFAULT] => Proxy [funkcja włączona]
    ProxyServer: [.DEFAULT] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
    RemoveProxy:
    BHO: Brak nazwy -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> Brak pliku
    C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl [2017-08-26]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    C:\Users\Denis\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd
    OPR Extension: (0) - C:\Users\Denis\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd [2017-08-26]
    R2 KMService; C: \ WINDOWS \ SysWOW64 \ srvany.exe [8192 2017-03-26] () [No digital signature]
    R1 wfcre; C: \ WINDOWS \ System32 \ drivers \ wfcre.sys [124288 2017-07-04] ()
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 ____H C: \ Users \ Denis \ AppData \ Local \ BIT7D02.tmp
    2017-03-26 11:34 - 2017-12-16 15:22 - 000000259 _____ () C: \ ProgramData \ fontcacheev1.dat
    2017-03-27 18:34 - 2017-04-03 16:07 - 000000023 _____ () C: \ Users \ Denis \ AppData \ Roaming \ HS.ini
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 ____H () C: \ Users \ Denis \ AppData \ Local \ BIT7D02.tmp
    2017-11-03 20:18 - 2017-11-04 18:54 - 000000000 _____ () C: \ Users \ Denis \ AppData \ Local \ debuggee.mdmp
    EmptyTemp:

    In FRST, select Repair.


    Youndoo - I can't uninstall uninstall

    Added after 19 [minutes]:

    thanks, everything is OK, I close the topic.
  • #10
    polishman694
    Level 7  
    I solved the problem as they wrote on the topic
| New topic