
[Solved] Windows 10 Pro Auto-Settings Proxy Address & Entry: http=127.0.0.1:8080; https=127.0.0.1:8080

polishman694 3885 9
  • #1 17023848
    polishman694
    Level 7  
    In the attachment there is a picture of the Windows 10 Pro screen and each time something sets the address at: http=127.0.0.1:8080;https=127.0.0.1:8080 and the entry at the address is set to:
  • #4 17023922
    RADU23
    Moderator of Computers service
    In the directory where the program is located. See C:\FRST
  • #6 17024062
    Kolobos
    IT specialist
    Install infected activators, then complain that the "system" is setting a proxy...

    Uninstall:
    RunBooster
    youndoo - Uninstall

    Next to frst.exe, create a file Fixlist.txt with the following content:
    CustomCLSID: HKU\S-1-5-21-3334278068-2120902769-2795021655-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9A1A3B2A067D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
    Task: {2AC0384B-C44C-4CB3-BDCC-FFE4B0FA617D} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku C:\Program Files\Opera\launcher.exe [2018-01-22] (Opera Software)
    Task: {B582FA60-912F-4529-94D3-47E5ADBFCE38} - System32\Tasks\Optimize Thumbnail Cache Files => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" C:\WINDOWS\explorer.exe /NOUACCHECK
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {4211ffac-cc6e-11e7-9f9b-902b34916770} - "J:\setup.exe"
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {c4fad46a-cf92-11e7-9fa0-902b34916770} - "L:\setup.exe"
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {f7186c82-feda-11e7-a000-902b34916770} - "K:\HiSuiteDownLoader.exe"
    HKLM\...\Providers\l1vlz0bg: C:\Program Files (x86)\Jneghktasp Manager\local64spl.dll Brak pliku http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyEnable: [.DEFAULT] => Proxy [funkcja włączona]
    ProxyServer: [.DEFAULT] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
    RemoveProxy:
    BHO: Brak nazwy -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> Brak pliku
    C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl [2017-08-26]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    C:\Users\Denis\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd
    OPR Extension: (0) - C:\Users\Denis\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd [2017-08-26]
    R2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2017-03-26] () [Brak podpisu cyfrowego]
    R1 wfcre; C:\WINDOWS\System32\drivers\wfcre.sys [124288 2017-07-04] ()
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 ____H C:\Users\Denis\AppData\Local\BIT7D02.tmp
    2017-03-26 11:34 - 2017-12-16 15:22 - 000000259 _____ () C:\ProgramData\fontcacheev1.dat
    2017-03-27 18:34 - 2017-04-03 16:07 - 000000023 _____ () C:\Users\Denis\AppData\Roaming\HS.ini
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 ____H () C:\Users\Denis\AppData\Local\BIT7D02.tmp
    2017-11-03 20:18 - 2017-11-04 18:54 - 000000000 _____ () C:\Users\Denis\AppData\Local\debuggee.mdmp
    EmptyTemp:

    In FRST, select Fix.
  • #7 17024077
    safbot1st
    Level 43  
    Uninstall RunBooster and youndoo. Are you knowingly using the "GamerHash" remote miner?
    Open Notepad and paste:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyEnable: [.DEFAULT] => Proxy [funkcja włączona]
    ProxyServer: [.DEFAULT] => http=127.0.0.1:8080;https=127.0.0.1:8080
    Hosts:
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{9a30cac2-73b7-4647-9f1a-eca4b8393b12}: [DhcpNameServer] 192.168.2.23
    Tcpip\..\Interfaces\{b1fcf892-2802-45d0-9a59-edc5ca72ad8e}: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{e7103d77-5fe9-48de-b1b6-1279b0ee56ad}: [DhcpNameServer] 192.168.2.1
    ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
    BHO: Brak nazwy -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> Brak pliku
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    2017-03-27 18:34 - 2017-04-03 16:07 - 000000023 _____ () C:\Users\Denis\AppData\Roaming\HS.ini
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 ____H () C:\Users\Denis\AppData\Local\BIT7D02.tmp
    2017-11-03 20:18 - 2017-11-04 18:54 - 000000000 _____ () C:\Users\Denis\AppData\Local\debuggee.mdmp
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 _____ () C:\Users\Denis\AppData\Local\{FD3E904F-A32A-4813-AB4F-86D1C409B710}
    Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden %%systemroot%%\system32\shell32.dll => Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku)
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    Task: {2AC0384B-C44C-4CB3-BDCC-FFE4B0FA617D} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini"
  • Helpful post
    #8 17024118
    Kolobos
    IT specialist
    > I didn't know that, is it necessary?

    Yes -> https://www.fixitpc.pl/topic/23904-frst-tutorial-obs%C5%82ugi-farbar-recovery-scan-tool/

    > Additionally, I found such a tease. You have to turn off "hidden" to be able to uninstall.

    This is just a blank entry, the infection is no longer in the logs.

    The miner will probably be scrapped, but we'll see what the author writes.
  • #9 17024482
    polishman694
    Level 7  
    Kolobos wrote:
    Install infected activators, then complain that the "system" is setting a proxy...

    Uninstall:
    RunBooster
    youndoo - Uninstall

    Next to frst.exe, create a file Fixlist.txt with the following content:
    CustomCLSID: HKU\S-1-5-21-3334278068-2120902769-2795021655-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9A1A3B2A067D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
    Task: {2AC0384B-C44C-4CB3-BDCC-FFE4B0FA617D} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku C:\Program Files\Opera\launcher.exe [2018-01-22] (Opera Software)
    Task: {B582FA60-912F-4529-94D3-47E5ADBFCE38} - System32\Tasks\Optimize Thumbnail Cache Files => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" C:\WINDOWS\explorer.exe /NOUACCHECK
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {4211ffac-cc6e-11e7-9f9b-902b34916770} - "J:\setup.exe"
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {c4fad46a-cf92-11e7-9fa0-902b34916770} - "L:\setup.exe"
    HKU\S-1-5-21-3334278068-2120902769-2795021655-1001\...\MountPoints2: {f7186c82-feda-11e7-a000-902b34916770} - "K:\HiSuiteDownLoader.exe"
    HKLM\...\Providers\l1vlz0bg: C:\Program Files (x86)\Jneghktasp Manager\local64spl.dll Brak pliku http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyEnable: [.DEFAULT] => Proxy [funkcja włączona]
    ProxyServer: [.DEFAULT] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
    RemoveProxy:
    BHO: Brak nazwy -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> Brak pliku
    C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl [2017-08-26]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    C:\Users\Denis\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd
    OPR Extension: (0) - C:\Users\Denis\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd [2017-08-26]
    R2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2017-03-26] () [Brak podpisu cyfrowego]
    R1 wfcre; C:\WINDOWS\System32\drivers\wfcre.sys [124288 2017-07-04] ()
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 ____H C:\Users\Denis\AppData\Local\BIT7D02.tmp
    2017-03-26 11:34 - 2017-12-16 15:22 - 000000259 _____ () C:\ProgramData\fontcacheev1.dat
    2017-03-27 18:34 - 2017-04-03 16:07 - 000000023 _____ () C:\Users\Denis\AppData\Roaming\HS.ini
    2018-01-12 21:12 - 2018-01-12 21:12 - 000000000 ____H () C:\Users\Denis\AppData\Local\BIT7D02.tmp
    2017-11-03 20:18 - 2017-11-04 18:54 - 000000000 _____ () C:\Users\Denis\AppData\Local\debuggee.mdmp
    EmptyTemp:

    In FRST, select Fix.


    Youndoo - I can't uninstall it

    Added after 19 [minutes]:

    Thanks, everything is OK, I'm closing the topic.
  • #10 17024532
    polishman694
    Level 7  
    I solved the problem as they wrote in the topic.

Topic summary

The discussion revolves around an issue with Windows 10 Pro where the proxy settings are automatically set to http=127.0.0.1:8080 and https=127.0.0.1:8080. Users are advised to download the Farbar Recovery Scan Tool (FRST) to diagnose the problem. It is suggested to uninstall potentially harmful software such as RunBooster and youndoo, which may be causing the proxy settings to change. Users are guided on how to locate the FRST files and create a Fixlist.txt to address the issue. The conversation concludes with the original poster successfully resolving the problem by following the provided instructions.
Summary generated by the language model.
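
For triaging a log like the ones quoted in this thread, the following added example (not written by any poster and not part of FRST) parses `ProxyServer` / `AutoConfigURL` lines, expands FRST's hive tag to the full registry key, and reports entries that point at a loopback address. The user-SID line in the sample is constructed, and all function names are hypothetical.

```python
import ipaddress
import re

INET = r"Microsoft\Windows\CurrentVersion\Internet Settings"
# Line shape as it appears in the FRST logs above: "Name: [hive tag] => value"
LINE = re.compile(
    r"^[ \t]*(ProxyServer|AutoConfigURL):[ \t]*\[([^\]]+)\][ \t]*=>[ \t]*(\S+)", re.M)
ENDPOINT = re.compile(r"^(?:\[([^\]]+)\]|([^:/\s]+))(?::(\d+))?")

def registry_key(tag):
    """Expand FRST's hive tag into the full key that holds the value."""
    if tag == "HKLM":
        return "HKEY_LOCAL_MACHINE\\SOFTWARE\\" + INET
    if tag == "HKLM-x32":  # 32-bit registry view on 64-bit Windows
        return "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\" + INET
    return "HKEY_USERS\\" + tag + "\\Software\\" + INET  # .DEFAULT or a user SID

def is_loopback(host):
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname

def endpoints(value):
    """Split 'http=h:p;https=h:p', 'h:p' or a URL into (scheme, host, port)."""
    for part in filter(None, (p.strip() for p in value.split(";"))):
        m = re.match(r"^([A-Za-z]+)=(.+)$", part)
        scheme, addr = (m.group(1).lower(), m.group(2)) if m else ("all", part)
        addr = re.sub(r"^[A-Za-z]+://", "", addr)
        e = ENDPOINT.match(addr)
        if e:
            port = int(e.group(3)) if e.group(3) else None
            yield scheme, e.group(1) or e.group(2), port

def triage(log):
    """Return (value name, registry key, scheme, host, port) per loopback proxy."""
    return [(name, registry_key(tag), scheme, host, port)
            for name, tag, value in LINE.findall(log)
            for scheme, host, port in endpoints(value) if is_loopback(host)]

# First two lines are from the thread; the SID line is constructed for contrast.
SAMPLE = """\
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [.DEFAULT] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [S-1-5-21-1111111111-2222222222-3333333333-1001] => proxy.corp.example:3128
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A loopback proxy is only a lead: the next step is identifying which local process listens on that port and whether it is expected.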