Wasn't it by any chance Fiddler2 that set the proxy? Either way, your system is infected.
Run a full scan with MBAM and AdwCleaner and remove whatever they detect (download from Bleeping).
Run the following Fixlist.txt with FRST:
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\Run: [Opera Browser Assistant] => C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\Policies\system: [Shell] <==== UWAGA
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\MountPoints2: {0a8b87bb-7f35-11e7-b8cf-80c16ef5e46f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\MountPoints2: {1013e169-920a-11e7-8465-80c16ef5e46f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\MountPoints2: {1013e16d-920a-11e7-8465-80c16ef5e46f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\MountPoints2: {2396c85e-dcc9-11e6-b0a7-80c16ef5e46f} - E:\Setup.exe
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\MountPoints2: {2e29cec7-d949-11e5-837e-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\MountPoints2: {8b82f94e-4919-11e6-bce0-80c16ef5e46f} - E:\cdstart.exe
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\MountPoints2: {ceef0e45-9382-11ea-8840-80c16ef5e46f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\MountPoints2: {e9d610c9-6813-11ea-8b59-80c16ef5e46f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\...\MountPoints2: {eb0c904a-cf3b-11e9-9c52-806e6f6e6963} - D:\autorun.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
IFEO\taskmgr.exe: [Debugger]
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2016-09-24]
ShortcutTarget: IMVU.lnk -> C:\Users\Admin\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (Brak pliku)
GroupPolicy: Ograniczenia ? <==== UWAGA
GroupPolicy\User: Ograniczenia ? <==== UWAGA
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {280B12C0-B8EC-4B25-A1CD-4EDE4588911D} - System32\Tasks\{101CD829-3062-430D-891E-F35CFDEE6C1C} => C:\Users\Admin\AppData\Roaming\Crystal launcher\launcher.exe
Task: {2B93D768-F922-4389-AB4D-6393243B3D78} - System32\Tasks\{ED05FB61-1EA2-45B0-8C04-C8B0BAFFDF59} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Desktop\forge-1.7.10-10.13.4.1614-1.7.10-installer-win.exe -d C:\Users\Admin\Desktop
Task: {32E28895-8158-4626-8C90-F2538E10161A} - System32\Tasks\{D2333A79-0DBE-493E-A138-00A011ED8389} => C:\Users\Admin\AppData\Roaming\Crystal launcher\launcher.exe
Task: {3DA64AC2-E5D5-4D83-92B7-CBB078773976} - System32\Tasks\{9CE24A2F-5921-4091-9153-B2C34BCCB539} => C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\Desktop\moje bleble\jre-8u201-windows-i586-iftw.exe" -d "C:\Users\Admin\Desktop\moje bleble"
Task: {47274597-8645-429C-BE43-C51D274E696C} - System32\Tasks\{8A23C444-327F-4B90-B6AB-F8F175ACF8B7} => C:\Users\Admin\AppData\Roaming\Crystal-Launcher\launcher.exe
Task: {49209684-AACF-4512-9FBE-7FE983FEF07F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4C79CC1D-DC2F-487B-809E-C0948D941FC3} - System32\Tasks\{DB59FE26-406B-4183-92DF-9A7A389D8236} => C:\Team17\Worms 3D\Launcher.exe
Task: {635DD5AD-FBCF-4958-BCB0-72BF6CE1667E} - System32\Tasks\{6E2BBF02-212B-401C-8C0D-A9B785531006} => C:\Users\Admin\AppData\Roaming\Crystal launcher\launcher.exe
Task: {72DA16B3-AF5D-4272-BA19-A20AC14671D1} - System32\Tasks\{23CF548E-BD7C-46BD-8E39-902CA034E420} => C:\Users\Admin\AppData\Roaming\Crystal launcher\launcher.exe
Task: {770C15D8-F8CD-4378-B7F5-8BCDC1CD24FA} - System32\Tasks\{6DE6FBAD-035A-4DEC-AD10-C346456E0C17} => C:\Users\Admin\AppData\Roaming\Crystal launcher\launcher.exe
Task: {7BEA61A1-6CA9-4EAD-BE06-49044AB52C68} - System32\Tasks\Opera scheduled Autoupdate 1593865517 => C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe [1776664 2020-12-16] (Opera Software AS -> Opera Software)
Task: {7E3F2AFE-D67C-48FA-B0BD-2C677CDDE4E3} - System32\Tasks\{9D00FA34-01D5-4A63-93FC-ABF0285EF8A3} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\15.58-nforce-winvista-win7-64bit-international-whql.exe -d C:\Users\Admin\Downloads
Task: {85637179-D7F5-4215-AD25-501B47EF40B2} - System32\Tasks\{316BDC1B-1056-4888-891C-60B104B3FEAB} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Desktop\forge-1.7.10-10.13.4.1614-1.7.10-installer-win.exe -d C:\Users\Admin\Desktop
Task: {9A09A0CD-8008-497D-A9B2-3278882D4AC9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A5DF3B3F-FEC3-42F8-88B6-12AD1F6936C8} - System32\Tasks\{B0C8B82B-805C-4B82-9FC5-6366B8067BF3} => C:\Windows\system32\pcalua.exe -a C:\Intel\3DVision_186.18.exe -d C:\Intel
Task: {AD15C6E7-9ACC-41D9-ABF9-B1768DDD27CA} - System32\Tasks\Opera scheduled assistant Autoupdate 1593865520 => C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe [1776664 2020-12-16] (Opera Software AS -> Opera Software)
Task: {B933EC23-D57B-4010-BBAF-AB0E6B721C6E} - System32\Tasks\{8668EAB5-7421-4EC3-B5A8-D1CF9C3F9E5F} => C:\Users\Admin\AppData\Roaming\Crystal-Launcher\CrystalLauncher.exe
Task: {BA9DCCB6-EB0D-4D08-BC02-F57BAE114AFA} - System32\Tasks\{8E5B2395-3CC7-4C16-B46A-66A3DB6E54F6} => C:\Program Files (x86)\Assassin's Creed III\AC3SP.exe
Task: {CCDF1E58-D978-45FF-927E-993383669E2B} - System32\Tasks\{F8C4FAAA-DE2D-4883-95EF-A8CFEAAFD4EA} => C:\Users\Admin\AppData\Roaming\Crystal-Launcher\launcher.exe
Task: {D1D6F65C-3F5E-478C-B29B-34E30C6BF477} - System32\Tasks\{4AC10F7D-70A4-4E72-BA06-172E429025C3} => C:\Users\Admin\AppData\Roaming\Crystal-Launcher\launcher.exe
ProxyEnable: [S-1-5-21-957842440-1105202215-4259880615-1000] => Proxy [funkcja włączona]
ProxyServer: [S-1-5-21-957842440-1105202215-4259880615-1000] => http=127.0.0.1:8888;https=127.0.0.1:8888
ManualProxies: 1http=127.0.0.1:8888;https=127.0.0.1:8888
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.myplaycity.com/
HKU\S-1-5-21-957842440-1105202215-4259880615-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nav-pl.com/
SearchScopes: HKU\S-1-5-21-957842440-1105202215-4259880615-1000 -> DefaultScope {7EA946A9-FA86-471F-8B9A-0FB29AA89B62} URL = hxxp://www.nav-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-957842440-1105202215-4259880615-1000 -> {7EA946A9-FA86-471F-8B9A-0FB29AA89B62} URL = hxxp://www.nav-pl.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll => Brak pliku
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll => Brak pliku
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll Brak pliku
FF Extension: (Brak nazwy) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ochma40m.default\extensions\arthurj8283@gmail.com [nie znaleziono]
FF Extension: (Brak nazwy) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [nie znaleziono]
FF Extension: (Brak nazwy) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [nie znaleziono]
FF Extension: (Brak nazwy) - C:\Program Files\McAfee\WebAdvisore10ssaffplg.xpi [nie znaleziono]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Firefox\Firefox\Profiles\ochma40m.default\user.js [2016-11-13]
FF Homepage: Firefox\Firefox\Profiles\ochma40m.default -> hxxp://www.nicesearches.com?type=hp&ts=1477988407&from=d1580002&uid=hitachixhds721050cla660_jp1572fl1zmb7k1zmb7kx&z=4b072e4277655b873a1f996g9z0m7mct0b1b0z3e3q
FF NewTab: Firefox\Firefox\Profiles\ochma40m.default -> hxxp://www.nicesearches.com?type=hp&ts=1477988407&from=d1580002&uid=hitachixhds721050cla660_jp1572fl1zmb7k1zmb7kx&z=4b072e4277655b873a1f996g9z0m7mct0b1b0z3e3q
CHR HKU\S-1-5-21-957842440-1105202215-4259880615-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
RemoveProxy:
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Windows -> Microsoft Corporation) [DependOnService: ]<==== UWAGA
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
S3 NTIOLib_DVDSetup; \??\D:\NTIOLib_X64.sys [X]
U2 snare; Brak ImagePath
2015-10-02 16:39 - 2015-10-02 16:39 - 001693408 ____R (Clickteam) C:\Users\Admin\ic.exe
2015-02-02 18:46 - 2007-08-27 13:46 - 000006120 ____R () C:\Users\Admin\settings.dat
2017-02-24 14:33 - 2017-05-09 21:19 - 000169654 _____ () C:\Program Files (x86)\metadata
2017-02-24 14:33 - 2017-05-09 17:48 - 000000040 _____ () C:\Program Files (x86)\settings.dat
2016-07-13 07:57 - 2016-07-13 07:57 - 007102976 _____ () C:\Users\Admin\AppData\Roaming\agent.dat
2016-07-13 07:57 - 2016-07-13 07:57 - 000067968 _____ () C:\Users\Admin\AppData\Roaming\Config.xml
2016-07-13 07:57 - 2016-07-13 07:57 - 000128512 _____ () C:\Users\Admin\AppData\Roaming\Installer.dat
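Before pasting the fix, it is worth answering the Fiddler question from the first line directly: is anything still listening on 127.0.0.1:8888, and what process owns it? The following is an added example, not code from the thread or from FRST. It assumes an elevated PowerShell on the affected machine (PowerShell 2.0 on Windows 7 is enough, which is why it parses `netstat -ano` instead of using `Get-NetTCPConnection`). Port 8888 and the registry paths are taken from the log above; the Fiddler install locations are the tool's usual defaults and are an assumption, not something the log shows.

```powershell
# Added example, not part of the original thread: a pre-fix check for the
# proxy and policy items flagged in the FRST log above. Assumptions: run in
# an elevated PowerShell on the affected machine; port 8888 and the registry
# paths come from the log; the Fiddler paths are default install locations.

$ProxyPort = 8888

# 1. Per-user WinINet proxy, the values FRST reports as ProxyEnable/ProxyServer.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"ProxyEnable   : $($inet.ProxyEnable)"
"ProxyServer   : $($inet.ProxyServer)"
"AutoConfigURL : $($inet.AutoConfigURL)"

# 2. System-wide WinHTTP proxy, which FRST's RemoveProxy: resets as well.
netsh winhttp show proxy

# 3. Is anything actually listening on the proxy port? A proxy entry that
#    points at a port nobody serves blackholes every browser request.
$listenerPids = @()
foreach ($line in (netstat -ano)) {
    if ($line -match "^\s*TCP\s+\S+:$ProxyPort\s+\S+\s+LISTENING\s+(\d+)\s*$") {
        $listenerPids += [int]$Matches[1]
    }
}
if ($listenerPids.Count -eq 0) {
    "No process listens on port $ProxyPort. With ProxyEnable=1 every HTTP(S) request"
    "from this user goes into a dead end until the proxy setting is removed."
} else {
    foreach ($procId in ($listenerPids | Sort-Object -Unique)) {
        $p = Get-Process -Id $procId -ErrorAction SilentlyContinue
        if ($p) {
            "Port $ProxyPort is served by PID $procId : $($p.Name) ($($p.Path))"
        } else {
            "Port $ProxyPort is served by PID $procId (process details not readable)"
        }
    }
}

# 4. Is Fiddler installed at all? (default install locations; assumption)
$fiddlerPaths = @(
    "${env:ProgramFiles(x86)}\Fiddler2\Fiddler.exe",
    "$env:ProgramFiles\Fiddler2\Fiddler.exe",
    "$env:LOCALAPPDATA\Programs\Fiddler\Fiddler.exe"
)
$found = $fiddlerPaths | Where-Object { Test-Path $_ }
if ($found) { "Fiddler found at: $found" } else { "Fiddler not found in its default locations." }

# 5. The other ATTENTION items from the log: policy keys that hold no values
#    on a clean home machine. Dump whatever they currently contain so you can
#    see what the fix is about to remove.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Policies\Mozilla\Firefox',
    'HKLM:\SOFTWARE\Policies\Google'
)
foreach ($key in $policyKeys) {
    if (Test-Path $key) {
        $names = @((Get-Item $key).Property)
        if ($names.Count -gt 0) {
            $vals = Get-ItemProperty $key
            foreach ($n in $names) { "$key\$n = $($vals.$n)" }
        } else {
            "$key : key exists but holds no values"
        }
    } else {
        "$key : absent"
    }
}
```

If the listener on 8888 turns out to be Fiddler.exe, the proxy entry is a leftover from a capture session and RemoveProxy: simply cleans it up; if nothing listens there, or the owner is an unknown binary in a user-writable directory, treat it as part of the infection and keep its path for the scan results. A Debugger value under IFEO\taskmgr.exe or a Shell value under the user's Policies\System key are classic hijacks and should never be present on a home machine.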