Miner MicrosoftHost.exe
13.02.2021, 18:15. Views: 1131. Replies: 3
I was "working" with files on the Internet and, by the look of it, downloaded a miner virus. It loads the RAM heavily and from time to time pushes the CPU to 100%. I can't search for a solution to the problem in the browser. When I open sites on the topic to solve the problem, the browser breaks and crashes, closing all tabs.
I downloaded FRST64.exe, clicked Scan, and got two files, which I attach below.
13.02.2021, 18:21 | 2 |
Download, unpack and run (as administrator) this utility.
When all the procedures finish, the system will reboot. After that, prepare new FRST logs.
13.02.2021, 19:01 [OP] | 3 |
Here is the new file
13.02.2021, 19:24 | 4 |
This post was marked as the solution by viral
Solution
Did you configure the proxy yourself?
Select the following code:
Code:
Start::
SystemRestore: On
CreateRestorePoint:
HKLM\...\Run: [Realtek HD Audio] => C:\ProgramData\RealtekHD\taskhostw.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {3AFE5F91-7994-49EC-8A1E-58AB3A62B819} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
FF HomepageOverride: Mozilla\Firefox\Profiles\zq9pfk0a.default-1460566525459 -> Disabled: homepage@mail.ru
FF NewTabOverride: Mozilla\Firefox\Profiles\zq9pfk0a.default-1460566525459 -> Disabled: homepage@mail.ru
FF NewTabOverride: Mozilla\Firefox\Profiles\zq9pfk0a.default-1460566525459 -> Enabled: search@mail.ru
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Владимир\AppData\Roaming\Mozilla\Firefox\Profiles\zq9pfk0a.default-1460566525459\Extensions\homepage@mail.ru.xpi [2018-12-01] [UpdateUrl:hxxps://crxmailru.cdnmail.ru/go_ffhp_update.json]
FF Extension: (Поиск Mail.Ru) - C:\Users\Владимир\AppData\Roaming\Mozilla\Firefox\Profiles\zq9pfk0a.default-1460566525459\Extensions\search@mail.ru.xpi [2018-12-01] [UpdateUrl:hxxps://crxmailru.cdnmail.ru/searchff/update.json]
FF user.js: detected! => C:\Users\Владимир\AppData\Roaming\Mozilla\Firefox\Profiles\zq9pfk0a.default-1460566525459\user.js [2019-12-13]
FF user.js: detected! => C:\Users\Владимир\AppData\Roaming\Mozilla\Firefox\Profiles\ym4vshw9.dev-edition-default\user.js [2019-12-13]
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof]
CHR HKLM-x32\...\Chrome\Extension: [echeiocnbggcacegkopjcllmaglbocni]
CHR HKLM-x32\...\Chrome\Extension: [gbjeiekahklbgbfccohipinhgaadijad]
CHR HKLM-x32\...\Chrome\Extension: [gdljkkmghdkckhaogaemgbgdfophkfco]
CHR HKLM-x32\...\Chrome\Extension: [jdfonankhfnhihdcpaagpabbaoclnjfp]
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj]
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd]
S2 qrsvc_1.10.0.9; no ImagePath
S4 bd0001; C:\Windows\SysWOW64\DRIVERS\bd0001.sys [202704 2015-03-27] (Beijing baidu Netcom science and technology co.ltd -> Baidu)
S4 bd0002; C:\Windows\SysWOW64\DRIVERS\bd0002.sys [198600 2015-03-27] (Beijing baidu Netcom science and technology co.ltd -> Baidu)
S4 bd0003; system32\DRIVERS\bd0003.sys [X]
S4 bd0004; system32\DRIVERS\bd0004.sys [X]
S4 BDArKit; system32\DRIVERS\BDArKit.sys [X]
S4 BDFileDefend; system32\DRIVERS\BDFileDefend.sys [X]
S4 BDMNetMon; system32\DRIVERS\BDMNetMon.sys [X]
S4 BDMWrench_x64; system32\DRIVERS\BDMWrench_x64.sys [X]
S4 BDSafeBrowser; system32\DRIVERS\BDSafeBrowser.sys [X]
S4 BdSandBox; system32\DRIVERS\BdSandBox.sys [X]
S4 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
2021-02-13 19:40 - 2020-10-03 13:36 - 000000000 ____D C:\Program Files\RDP Wrapper
2021-02-13 19:40 - 2020-09-06 00:54 - 000000000 ____D C:\ProgramData\WindowsTask
ShellIconOverlayIdentifiers: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_A] -> {057E631A-726E-4193-BB37-377DBD42812A} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_K] -> {86627476-D173-4FBC-B206-3A19447FF8CC} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_O] -> {8009C378-F2BE-42A6-8ADD-083AAFBDC4EB} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_A] -> {057E631A-726E-4193-BB37-377DBD42812A} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_K] -> {86627476-D173-4FBC-B206-3A19447FF8CC} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_O] -> {8009C378-F2BE-42A6-8ADD-083AAFBDC4EB} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers6: [HamsterLiteMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => -> No File
HKU\S-1-5-21-759577711-4104265867-3027164104-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1438449173&z=1ef5a0cbd2a34758636115dg2zdc0b8z3z9tbgbg6c&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1438449173&z=1ef5a0cbd2a34758636115dg2zdc0b8z3z9tbgbg6c&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1438449173&z=1ef5a0cbd2a34758636115dg2zdc0b8z3z9tbgbg6c&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1438449173&z=1ef5a0cbd2a34758636115dg2zdc0b8z3z9tbgbg6c&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1438449173&z=1ef5a0cbd2a34758636115dg2zdc0b8z3z9tbgbg6c&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1438449173&z=1ef5a0cbd2a34758636115dg2zdc0b8z3z9tbgbg6c&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&q={searchTerms}
HKU\S-1-5-21-759577711-4104265867-3027164104-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1427482088&from=cmi&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&q={searchTerms}
HKU\S-1-5-21-759577711-4104265867-3027164104-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1427482088&from=cmi&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&q={searchTerms}
HKU\S-1-5-21-759577711-4104265867-3027164104-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1438449173&z=1ef5a0cbd2a34758636115dg2zdc0b8z3z9tbgbg6c&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B
HKU\S-1-5-21-759577711-4104265867-3027164104-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1427482088&from=cmi&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&q={searchTerms}
HKU\S-1-5-21-759577711-4104265867-3027164104-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1427487587&from=cmi&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-759577711-4104265867-3027164104-1000 -> 0488EDD91C0BC920C320FAB7A32DDC34 URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&ts=1438449257&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-759577711-4104265867-3027164104-1000 -> 0CE92ECB15FE87794C0247D055AFCDEC URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&ts=1438449257&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-759577711-4104265867-3027164104-1000 -> 346326F33BAEE572461BC98053A75E2E URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&ts=1438449257&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-759577711-4104265867-3027164104-1000 -> 59E83566D115256AC705BD921CEC15A7 URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&ts=1438449257&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-759577711-4104265867-3027164104-1000 -> 78B1E104ECA1BF3BB76D41FA997A11FA URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&ts=1438449257&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-759577711-4104265867-3027164104-1000 -> B92646294864B7BA9B7C86B58FB95FF3 URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&ts=1438449257&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-759577711-4104265867-3027164104-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&ts=1438449257&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-759577711-4104265867-3027164104-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&ts=1438449257&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-759577711-4104265867-3027164104-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST31000524AS_5VP92K6BXXXX5VP92K6B&ts=1438449257&type=default&q={searchTerms}
CMD: netsh advfirewall reset
EmptyTemp:
Reboot:
End::

Run FRST (FRST64) as administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt). Attach it to your next post.
The computer will reboot automatically.
Prepare an AdwCleaner log: https://www.cyberforum.ru/post6500078.html