My machine has the same problem. At first, it kept automatically installing some software and opening a bunch of ad tabs. I tried uninstalling them, but couldn't remove them completely. After restarting the machine the problem comes back, though the machine freezes less. I hope someone can show me how to fix this. Thank you.
Here is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2016
Ran by bb (administrator) on BB-PC (01-12-2016 12:56:04)
Running from C:UsersbDownloads
Loaded Profiles: bb (Available Profiles: bb)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(360.cn) C:Program Files360360SafedeepscanhuDongFangYu.exe
(Microsoft Corporation) C:WindowsSystem32wlanext.exe
(AVAST Software) C:Program FilesAVAST SoftwareAvastAvastSvc.exe
(TC61WYC) C:UsersbAppDataLocalTempQN0B2ND4UQ.exe
(TC61WYC) C:UsersbAppDataLocalTempQA8OX702KZ.exe
(TC61WYC) C:UsersbAppDataLocalTempNM36P376YY.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARtkNGUI.exe
(Intel Corporation) C:WindowsSystem32igfxtray.exe
(Intel Corporation) C:WindowsSystem32hkcmd.exe
(Intel Corporation) C:WindowsSystem32igfxpers.exe
(Synaptics Incorporated) C:Program FilesSynapticsSynTPSynTPEnh.exe
(Microsoft Corporation) C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
(clean) C:UsersbAppDataRoamingUPUpdatacleaner.exe
(Synaptics Incorporated) C:Program FilesSynapticsSynTPSynTPHelper.exe
(AVAST Software) C:Program FilesAVAST SoftwareAvastavastui.exe
(Andrea Electronics Corporation) C:Program FilesRealtekAudioHDAAERTSrv.exe
(Foxit Software Inc.) C:Program FilesFoxit SoftwareFoxit ReaderFoxit CloudFCUpdateService.exe
(Tonec Inc.) C:Program FilesInternet Download ManagerIDMan.exe
() C:UsersbAppDataLocalTempis-3E5DG.tmppopwnd.exe
() C:UsersbAppDataLocalTempWGVA61XEZBcaster.exe
() C:UsersbAppDataLocalTempIKRNQW4KY5caster.exe
() C:UsersbAppDataLocalTempXXQ4DTX6NI.exe
() C:Program FilesNJPBJ3HT0XNJPBJ3HT0.exe
(Tonec Inc.) C:Program FilesInternet Download ManagerIEMonitor.exe
() C:UsersbAppDataLocalTempCLGYMWLFK2caster.exe
() C:UsersbAppDataLocalTempK2HIUR3NP9.exe
() C:UsersbAppDataLocalTempWDDEKLEMLWDDEKLEML.exe
() C:Program Files87RLU4S3CMSZMM27UO5.exe
() C:UsersbAppDataLocalTemp2IIJE15LEEcaster.exe
() C:UsersbAppDataLocalTempKOPWPAQLFI.exe
() C:UsersbAppDataLocalTempH96SYINWAH96SYINWA.exe
() C:UsersbAppDataLocalTempS4FRGIDZQS4FRGIDZQ.exe
() C:UsersbAppDataLocalTempRUMSG4DWHI.exe
() C:UsersbAppDataLocalTempF5ZWXONA7F5ZWXONA7.exe
(IObit) C:Program FilesIObitIObit UninstallerUninstallMonitor.exe
(联想软件) C:Program FilesLenovoLsfLsfHelper.exe
(联想软件) C:Program FilesLenovoLsfLsf.exe
(Microsoft Corporation) C:WindowsSystem32Locator.exe
() D:ko xoaUniKey.exe
(Itim Technologies Co., Ltd.) C:UsersbAppDataLocalCocCocBrowserApplicationrowser.exe
(Itim Technologies Co., Ltd.) C:UsersbAppDataLocalCocCocBrowserApplicationrowser.exe
(Itim Technologies Co., Ltd.) C:UsersbAppDataLocalCocCocBrowserApplicationrowser.exe
(Itim Technologies Co., Ltd.) C:UsersbAppDataLocalCocCocBrowserApplicationrowser.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM...Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARtkNGUI.exe [6253160 2011-09-15] (Realtek Semiconductor)
HKLM...Run: [SynTPEnh] => C:Program FilesSynapticsSynTPSynTPEnh.exe [2286888 2011-08-20] (Synaptics Incorporated)
HKLM...Run: [GrooveMonitor] => C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM...Run: [cleaner] => C:UsersbAppDataRoamingUPUpdatacleaner.exe [1052672 2016-12-01] (clean) C:Program Files360360Safesafemon360Tray.exe [395688 2016-08-08] (360.cn)
HKLM...Run: [AvastUI.exe] => C:Program FilesAVAST SoftwareAvastAvastUI.exe [9080768 2016-12-01] (AVAST Software)
HKLM...RunOnce: [OMEWPRODUCT_NR4T1] => C:UsersbAppDataLocalTempQN0B2ND4UQ.exe [575488 2016-12-01] (TC61WYC) C:UsersbAppDataLocalTempQA8OX702KZ.exe [575488 2016-12-01] (TC61WYC) C:UsersbAppDataLocalTempNM36P376YY.exe [575488 2016-12-01] (TC61WYC) C:UsersbAppDataLocalCocCocUpdateCocCocUpdate.exe [145216 2016-11-22] (Itim Technologies Co., Ltd.)
HKUS-1-5-21-2810402008-1773092572-2205188405-1000...Run: [IDMan] => C:Program FilesInternet Download ManagerIDMan.exe [3565432 2013-01-29] (Tonec Inc.)
HKUS-1-5-21-2810402008-1773092572-2205188405-1000...Run: [msiql] => C:UsersbAppDataLocalTempis-3E5DG.tmppopwnd.exe [1883648 2016-11-03] () C:UsersbAppDataLocalTempWGVA61XEZBcaster.exe [369664 2016-12-01] () C:ProgramDataWindowsMsgChrome.exe [4212736 2016-11-17] ()
HKUS-1-5-21-2810402008-1773092572-2205188405-1000...Run: [G3IDHX89UQ] => C:UsersbAppDataLocalTempIKRNQW4KY5caster.exe [369664 2016-12-01] () C:UsersbAppDataLocalTempXXQ4DTX6NI.exe [369664 2016-12-01] () C:Program FilesNJPBJ3HT0XNJPBJ3HT0.exe [369664 2016-12-01] ()
HKUS-1-5-21-2810402008-1773092572-2205188405-1000...Run: [AVV1A13DQX] => C:UsersbAppDataLocalTempCLGYMWLFK2caster.exe [369664 2016-12-01] () C:UsersbAppDataLocalTempK2HIUR3NP9.exe [369664 2016-12-01] () C:UsersbAppDataLocalTempWDDEKLEMLWDDEKLEML.exe [369664 2016-12-01] () C:Program Files87RLU4S3CMSZMM27UO5.exe [369664 2016-12-01] ()
HKUS-1-5-21-2810402008-1773092572-2205188405-1000...Run: [3067TC86XP] => C:UsersbAppDataLocalTemp2IIJE15LEEcaster.exe [369664 2016-12-01] () C:UsersbAppDataLocalTempKOPWPAQLFI.exe [369664 2016-12-01] () C:UsersbAppDataLocalTempH96SYINWAH96SYINWA.exe [369664 2016-12-01] () C:UsersbAppDataLocalTempS4FRGIDZQS4FRGIDZQ.exe [369664 2016-12-01] () C:UsersbAppDataLocalTempRUMSG4DWHI.exe [369664 2016-12-01] () C:UsersbAppDataLocalTempF5ZWXONA7F5ZWXONA7.exe [369664 2016-12-01] () {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:Program Files360360Safesafemon360UDiskGuard.dll [2016-03-24] (360.cn)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAVAST SoftwareAvastashShell.dll [2016-12-01] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:Program FilesInternet Download ManagerIDMShellExt.dll [2012-11-16] (Tonec Inc.)
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => C:Program FilesKuaiZipX86KZipShell.dll No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
TcpipParameters: [DhcpNameServer] 203.113.131.2 203.113.131.3
Tcpip..Interfaces{87DDCC68-CAA7-419A-BE83-9F0510CAED9C}: [DhcpNameServer] 203.113.131.2 203.113.131.3
Internet Explorer:
==================
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWvYf4tO-WmX4O3JChF32oSh4mItjYt1-k3u3rbG5ZCGzKm82-3ZaoMrgGIXVa7lP8dvtl28eZfeYT7W8zVc33kqOTL6IEszPthUCI4fKiojP89LTO6TlipdAkFiYak-T2K22DJk1qIMDioxC8SmzjThHonJafkOPBc70jFI77&q={searchTerms}
SearchScopes: HKUS-1-5-21-2810402008-1773092572-2205188405-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWvYf4tO-WmX4O3JChF32oSh4mItjYt1-k3u3rbG5ZCGzKm82-3ZaoMrgGIXVa7lP8dvtl28eZfeYT7W8zVc33kqOTL6IEszPthUCI4fKiojP89LTO6TlipdAkFiYak-T2K22DJk1qIMDioxC8SmzjThHonJafkOPBc70jFI77&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:Program FilesInternet Download ManagerIDMIECC.dll [2013-01-29] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:Program FilesIObitIObit UninstallerUninstallExplorer.dll [2016-05-23] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll [2016-12-01] (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
FireFox:
========
FF HKLM...FirefoxExtensions: [[email protected]] - C:Program FilesAVAST SoftwareAvastSafePriceFF
FF Extension: (Avast SafePrice) - C:Program FilesAVAST SoftwareAvastSafePriceFF [2016-12-01]
FF HKLM...FirefoxExtensions: [[email protected]] - C:Program FilesAVAST SoftwareAvastWebRepFF
FF Extension: (Avast Online Security) - C:Program FilesAVAST SoftwareAvastWebRepFF [2016-12-01]
FF HKUS-1-5-21-2810402008-1773092572-2205188405-1000...SeaMonkeyExtensions: [[email protected]] - C:UsersbAppDataRoamingIDMidmmzcc5
FF Extension: (IDM CC) - C:UsersbAppDataRoamingIDMidmmzcc5 [2016-12-01] [not signed]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:Program FilesGoogleUpdate1.3.31.5npGoogleUpdate3.dll [2016-12-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:Program FilesGoogleUpdate1.3.31.5npGoogleUpdate3.dll [2016-12-01] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.youndoo.com/?z=e23fa4d8547ceae2b30428fg6z6bae1w5w1q1t4c1t&from=wak&uid=HitachiXHTS543232A7A384_E20342430VVDJJ0VVDJJX&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.youndoo.com/?z=e23fa4d8547ceae2b30428fg6z6bae1w5w1q1t4c1t&from=wak&uid=HitachiXHTS543232A7A384_E20342430VVDJJ0VVDJJX&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.youndoo.com/search/?q={searchTerms}&z=e23fa4d8547ceae2b30428fg6z6bae1w5w1q1t4c1t&from=wak&uid=HitachiXHTS543232A7A384_E20342430VVDJJ0VVDJJX&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> youndoo
CHR Profile: C:UsersbAppDataLocalGoogleChromeUser DataChromeDefaultData [2016-12-01] File is digitally signed
C:Windowssystem32winlogon.exe => File is digitally signed
C:Windowssystem32wininit.exe => File is digitally signed
C:Windowssystem32svchost.exe => File is digitally signed
C:Windowssystem32services.exe => File is digitally signed
C:Windowssystem32User32.dll => File is digitally signed
C:Windowssystem32userinit.exe => File is digitally signed
C:Windowssystem32rpcss.dll => File is digitally signed
C:Windowssystem32dnsapi.dll => File is digitally signed
C:Windowssystem32Driversvolsnap.sys => File is digitally signed
LastRegBack: 2016-11-29 22:15
==================== End of FRST.txt ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-11-2016
Ran by bb (01-12-2016 12:56:56)
Running from C:UsersbDownloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-11-21 17:04:20)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2810402008-1773092572-2205188405-500 - Administrator - Disabled)
bb (S-1-5-21-2810402008-1773092572-2205188405-1000 - Administrator - Enabled) => C:Usersb
Guest (S-1-5-21-2810402008-1773092572-2205188405-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: 360安全卫士 (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Atheros Driver Installation Program (HKLM...{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Avast Free Antivirus (HKLM...Avast) (Version: 12.3.2280 - AVAST Software)
Cisco EAP-FAST Module (HKLM...{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM...{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM...{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
cleaner 1.0.1 (HKLM...cleaner) (Version: - cleaner) C:UsersbAppDataLocalCocCocUpdate1.3.31.0psuser.dll => No File
CustomCLSID: HKUS-1-5-21-2810402008-1773092572-2205188405-1000_ClassesCLSID{0A039001-050F-4ADA-AD8B-F2E5C9615B45}InprocServer32 -> C:UsersbAppDataLocalCocCocUpdate1.3.31.0psuser.dll => No File
CustomCLSID: HKUS-1-5-21-2810402008-1773092572-2205188405-1000_ClassesCLSID{69279211-FE09-4A3B-9B32-E661957D9EA3}localserver32 -> "C:UsersbAppDataLocalCocCocUpdate1.3.31.0CocCocUpdateOnDemand.exe" => No File
CustomCLSID: HKUS-1-5-21-2810402008-1773092572-2205188405-1000_ClassesCLSID{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}localserver32 -> C:UsersbAppDataLocalCocCocBrowserApplication27.0.1453.119delegate_execute.exe (Itim Technologies Co., Ltd.)
CustomCLSID: HKUS-1-5-21-2810402008-1773092572-2205188405-1000_ClassesCLSID{A4F10457-0600-4470-9A22-AD99E26F7AD2}localserver32 -> C:UsersbAppDataLocalCocCocUpdateCocCocUpdate.exe (Itim Technologies Co., Ltd.)
CustomCLSID: HKUS-1-5-21-2810402008-1773092572-2205188405-1000_ClassesCLSID{CCBB641B-0D24-451C-9638-2DE0D4B5ED5F}localserver32 -> "C:UsersbAppDataLocalCocCocUpdate1.3.31.0CocCocUpdateOnDemand.exe" => No File
CustomCLSID: HKUS-1-5-21-2810402008-1773092572-2205188405-1000_ClassesCLSID{DFFF09FD-4FB6-4CF2-A855-3EACD48881FA}localserver32 -> "C:UsersbAppDataLocalCocCocUpdate1.3.31.0CocCocUpdateOnDemand.exe" => No File
CustomCLSID: HKUS-1-5-21-2810402008-1773092572-2205188405-1000_ClassesCLSID{F34D723C-FA54-43D8-9C05-574D28672153}localserver32 -> "C:UsersbAppDataLocalCocCocUpdate1.3.31.0CocCocUpdateOnDemand.exe" => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {085CE44B-A524-4DAE-9DD3-5AE6F5F74416} - System32TasksCocCocUpdateTaskUserS-1-5-21-2810402008-1773092572-2205188405-1000Core => C:UsersbAppDataLocalCocCocUpdateCocCocUpdate.exe [2016-11-22] (Itim Technologies Co., Ltd.)
Task: {0B3C8019-7D25-4BB7-9869-E46B1577EBE0} - System32TasksLenovo LSF Task => C:Program FilesLenovoLsfLsfHelper.exe [2016-10-14] (联想软件)
Task: {184B3008-399D-4CAB-8BD0-77064C6D6DA6} - System32TasksosTip => Chrome.exe C:Program FilesGoogleUpdateGoogleUpdate.exe [2016-12-01] (Google Inc.)
Task: {7CC17908-A955-4BA3-BACB-C3A9137A6840} - System32Tasksaslyqft Center => C:Program FilesWokwardviqitjohoward.exe
Task: {80FAB84D-7FED-47D9-AF3A-DEAFE098C3E3} - System32TasksGoogleUpdateTaskMachineUA => C:Program FilesGoogleUpdateGoogleUpdate.exe [2016-12-01] (Google Inc.)
Task: {CBCAB096-F82E-4874-A63C-7F604E65C3F9} - System32TasksCocCocUpdateTaskUserS-1-5-21-2810402008-1773092572-2205188405-1000UA => C:UsersbAppDataLocalCocCocUpdateCocCocUpdate.exe [2016-11-22] (Itim Technologies Co., Ltd.)
Task: {ED7EB002-5A94-49BE-9154-34C104BC1CFE} - System32Tasksffd440160af128d1dc349689b2edd9f8 => Rundll32.exe "C:Program FilesWindows Media Playery8pv1q.dll",e62dc6c6547f46bda862da2d05af6862 C:Program FilesLuDaShiComputerZTray.exe C:Program FilesAVAST SoftwareAvastAvastEmUpdate.exe
Task: C:WindowsTasksCocCocUpdateTaskUserS-1-5-21-2810402008-1773092572-2205188405-1000Core.job => C:UsersbAppDataLocalCocCocUpdateCocCocUpdate.exe
Task: C:WindowsTasksCocCocUpdateTaskUserS-1-5-21-2810402008-1773092572-2205188405-1000UA.job => C:UsersbAppDataLocalCocCocUpdateCocCocUpdate.exe
Task: C:WindowsTasksGoogleUpdateTaskMachineCore.job => C:Program FilesGoogleUpdateGoogleUpdate.exe
Task: C:WindowsTasksGoogleUpdateTaskMachineCore1d24b907517119c.job => C:Program FilesGoogleUpdateGoogleUpdate.exe
Task: C:WindowsTasksosTip.job => C:ProgramDataWindowsMsgChrome.exe bb ጃ 0߬ C:Program FilesAVAST SoftwareSZBrowserlauncher.exe
Task: C:WindowsTasksUninstaller_SkipUac_bb.job => C:Program FilesIObitIObit UninstallerIObitUninstaler.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
WMI_ActiveScriptEventConsumer_ASEC: C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation) -> hxxp://yeabd66.cc/
ShortcutWithArgument: C:UsersbAppDataRoamingMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk -> C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation) -> hxxp://yeabd66.cc/
ShortcutWithArgument: C:UsersbAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarInternet Explorer.lnk -> C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation) -> hxxp://yeabd66.cc/
==================== Loaded Modules (Whitelisted) ==============
2016-12-01 09:12 - 2016-11-10 00:25 - 00645032 _____ () C:Program Files360360SafesafemonSafehmpg.dll
2015-01-21 15:32 - 2015-01-21 15:32 - 00098416 _____ () C:Program Files360360Safe360verify.dll
2013-02-21 14:09 - 2006-04-19 06:53 - 00188416 _____ () D:ko xoaUKHook40.dll
2016-12-01 11:39 - 2016-12-01 11:39 - 00169064 _____ () C:Program FilesAVAST SoftwareAvastJsonRpcServer.dll
2016-12-01 11:45 - 2016-12-01 11:45 - 03133960 _____ () C:Program FilesAVAST SoftwareAvastdefs16113000algo.dll
2016-12-01 11:39 - 2016-12-01 11:39 - 00482928 _____ () C:Program FilesAVAST SoftwareAvastffl2.dll
2011-06-26 18:16 - 2011-06-26 18:16 - 00094208 _____ () C:WindowsSystem32IccLibDll.dll
2016-12-01 11:39 - 2016-12-01 11:39 - 48936448 _____ () C:Program FilesAVAST SoftwareAvastlibcef.dll
2016-12-01 08:51 - 2016-11-03 10:51 - 01883648 _____ () C:UsersbAppDataLocalTempis-3E5DG.tmppopwnd.exe
2016-12-01 08:51 - 2016-12-01 08:51 - 00369664 _____ () C:UsersbAppDataLocalTempWGVA61XEZBcaster.exe
2016-12-01 08:49 - 2016-12-01 08:48 - 00125952 _____ () C:UsersbAppDataRoamingMiruchVerroph.dll
2016-12-01 10:05 - 2016-12-01 10:05 - 00369664 _____ () C:UsersbAppDataLocalTempIKRNQW4KY5caster.exe
2016-12-01 10:25 - 2016-12-01 10:25 - 00369664 _____ () C:UsersbAppDataLocalTempXXQ4DTX6NI.exe
2016-12-01 10:30 - 2016-12-01 10:30 - 00369664 _____ () C:Program FilesNJPBJ3HT0XNJPBJ3HT0.exe
2016-12-01 10:34 - 2016-12-01 10:34 - 00369664 _____ () C:UsersbAppDataLocalTempCLGYMWLFK2caster.exe
2016-12-01 10:34 - 2016-12-01 10:34 - 00369664 _____ () C:UsersbAppDataLocalTempK2HIUR3NP9.exe
2016-12-01 10:36 - 2016-12-01 10:36 - 00369664 _____ () C:UsersbAppDataLocalTempWDDEKLEMLWDDEKLEML.exe
2016-12-01 10:37 - 2016-12-01 10:37 - 00369664 _____ () C:Program Files87RLU4S3CMSZMM27UO5.exe
2016-12-01 10:39 - 2016-12-01 10:39 - 00369664 _____ () C:UsersbAppDataLocalTemp2IIJE15LEEcaster.exe
2016-12-01 10:39 - 2016-12-01 10:39 - 00369664 _____ () C:UsersbAppDataLocalTempKOPWPAQLFI.exe
2016-12-01 10:41 - 2016-12-01 10:41 - 00369664 _____ () C:UsersbAppDataLocalTempH96SYINWAH96SYINWA.exe
2016-12-01 10:47 - 2016-12-01 10:47 - 00369664 _____ () C:UsersbAppDataLocalTempS4FRGIDZQS4FRGIDZQ.exe
2016-12-01 10:48 - 2016-12-01 10:48 - 00369664 _____ () C:UsersbAppDataLocalTempRUMSG4DWHI.exe
2016-12-01 11:36 - 2016-12-01 11:37 - 00369664 _____ () C:UsersbAppDataLocalTempF5ZWXONA7F5ZWXONA7.exe
2016-12-01 09:39 - 2016-06-21 19:30 - 00442144 _____ () C:Program FilesIObitIObit UninstallermadExcept_.bpl
2016-12-01 09:39 - 2016-06-21 19:29 - 00210720 _____ () C:Program FilesIObitIObit UninstallermadBasic_.bpl
2016-12-01 09:39 - 2016-06-21 19:29 - 00059680 _____ () C:Program FilesIObitIObit UninstallermadDisAsm_.bpl
2016-12-01 09:39 - 2016-05-23 21:49 - 00899872 _____ () C:Program FilesIObitIObit Uninstallerwebres.dll
2016-12-01 09:39 - 2016-10-18 16:57 - 00631072 _____ () C:Program FilesIObitIObit UninstallerProductStatistics.dll
2013-02-21 14:09 - 2006-04-19 06:55 - 00618496 _____ () D:ko xoaUniKey.exe
2016-11-22 20:50 - 2013-07-06 17:24 - 00599368 _____ () C:UsersbAppDataLocalCocCocBrowserApplication27.0.1453.119libglesv2.dll
2016-11-22 20:50 - 2013-07-06 17:24 - 00124744 _____ () C:UsersbAppDataLocalCocCocBrowserApplication27.0.1453.119libegl.dll
2016-11-22 20:50 - 2013-07-06 17:24 - 04051408 _____ () C:UsersbAppDataLocalCocCocBrowserApplication27.0.1453.119pdf.dll
2016-11-22 20:50 - 2013-07-06 17:25 - 00393032 _____ () C:UsersbAppDataLocalCocCocBrowserApplication27.0.1453.119ppGoogleNaClPluginChrome.dll
2016-11-22 20:50 - 2013-07-06 17:24 - 01598280 _____ () C:UsersbAppDataLocalCocCocBrowserApplication27.0.1453.119ffmpegsumo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 09:04 - 2016-12-01 10:30 - 00000497 ____A C:Windowssystem32Driversetchosts
127.0.0.1 registeridm.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKUS-1-5-21-2810402008-1773092572-2205188405-1000Control PanelDesktopWallpaper -> C:UsersbAppDataLocalTemptmp6348.bmp
DNS Servers: 203.113.131.2 - 203.113.131.3
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{73784784-1128-4007-8205-A405CD288AC3}] => C:WindowsMicrosoft.NETFrameworkv4.0.30319SMSvcHost.exe
FirewallRules: [{243298D2-3B73-4350-8EA3-79CDAAF26332}] => C:UsersbAppDataLocalTempis-4QIRL.tmpdownloadMiniThunderPlatform.exe
FirewallRules: [{CEC88E28-F76B-44B4-84E8-8A83B35E1722}] => C:Program FilesLenovoLsfLsf.exe
FirewallRules: [{7513EE98-F72F-40FD-8F42-BA5124957FB0}] => C:Program FilesLenovoLsfLsf.exe
FirewallRules: [{2B6B570B-F32C-42AB-9AFD-87D6CC89FC73}] => C:Program FilesLenovoLsfLsfHelper.exe
FirewallRules: [{3134220D-070A-48F8-97F9-3139EBEC707E}] => C:Program FilesLenovoLsfLsfHelper.exe
FirewallRules: [{B590A8BF-82A4-4961-BE95-991AA77B5BC7}] => C:Program FilesGreatMakerMaohaWiFiMaohaWifiSvr.exe
FirewallRules: [{03CB527B-91B0-4E48-9E7D-6308CDD59885}] => C:Program FilesGreatMakerMaohaWiFiDrvUpdate.exe
FirewallRules: [{E20E1006-F21C-4CFA-85CF-9C8C0D1FACD1}] => C:Program Files360360Safesafemon360Tray.exe
FirewallRules: [{CD767E62-BA06-4BE8-BD03-D61CB1B91E37}] => C:Program Files360360Safesafemon360Tray.exe
FirewallRules: [{45BE0F5C-39C2-41C9-9CFD-32829A6BDD6D}] => C:Program Files360360SafeLiveUpdate360.exe
FirewallRules: [{DD8F9E82-66FF-48EA-BF05-9C23108E1702}] => C:Program Files360360SafeLiveUpdate360.exe
==================== Restore Points =========================
01-12-2016 12:08:53 DPower version 1.0 restore point
01-12-2016 12:21:24 Google Chrome restore point
01-12-2016 12:44:59 Configured Microsoft Office Enterprise 2007
==================== Faulty Device Manager Devices =============
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/01/2016 12:45:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Freelab since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (12/01/2016 12:45:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Network Packet Manitor since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (12/01/2016 12:45:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service GoogleChromeUpService since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (12/01/2016 12:45:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service BitTorrent since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (12/01/2016 12:45:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Background Logic Handler since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (12/01/2016 12:44:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {af6ed422-4944-4219-80fe-05a0a668a466}
Error: (12/01/2016 12:29:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Chrome.exe, version: 1.0.0.8, time stamp: 0x582d23d8
Faulting module name: libcef.dll, version: 3.2785.1458.0, time stamp: 0x5821340e
Exception code: 0xc0000005
Fault offset: 0x00c123f0
Faulting process id: 0x9c4
Faulting application start time: 0x01d24b93a76e3c1f
Faulting application path: C:ProgramDataWindowsMsgChrome.exe
Faulting module path: C:ProgramDataWindowsMsglibcef.dll
Report Id: 2ba78d9e-b787-11e6-9e78-9c9743371171
Error: (12/01/2016 12:29:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (12/01/2016 12:08:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d01673dc-245a-4fcb-a004-c9a9611fc47e}
Error: (12/01/2016 11:45:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program E7305WXIL.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 155c
Start Time: 01d24b8457ec19e4
Termination Time: 31
Application Path: C:UsersbAppDataLocalTempis-AFJ6T.tmpE7305WXIL.tmp
Report Id:
System errors:
=============
Error: (12/01/2016 12:27:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error:
The data is invalid.
Error: (12/01/2016 12:27:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Clear Cut And Paste service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/01/2016 12:27:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Hardware Protection Service service terminated with the following error:
The specified module could not be found.
Error: (12/01/2016 12:27:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Chdokkoholy service terminated with the following error:
The specified module could not be found.
Error: (12/01/2016 12:27:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Background Logic Handler service failed to start due to the following error:
The Background Logic Handler application cannot be run in Win32 mode.
Error: (12/01/2016 12:27:21 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (12/01/2016 11:08:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/01/2016 09:35:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Clear Cut And Paste service terminated unexpectedly. It has done this 1 time(s).
Error: (12/01/2016 09:18:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MaohaWiFiService service terminated unexpectedly. It has done this 1 time(s).
Error: (12/01/2016 09:05:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error:
The data is invalid.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz
Percentage of memory in use: 74%
Total physical RAM: 1893.86 MB
Available physical RAM: 484.61 MB
Total Virtual: 3787.72 MB
Available Virtual: 1765.5 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.57 GB) (Free:21.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (BACKUP) (Fixed) (Total:74.49 GB) (Free:25.62 GB) FAT32 ==>[system with boot components (obtained from drive)]
Drive e: (DATA) (Fixed) (Total:148.98 GB) (Free:111.37 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9ED58563)
Partition 1: (Active) - (Size=74.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================