[Help] Something like a trojan was planted on my notebook

Board: AntiVirus (Anti-virus) | Author: (VAN) | Time: 11 years ago (2015/04/02 22:31), edited | Push/Boo: 0 (0 0 0)
0 comments, 0 participants, latest thread 1/1
Does anyone know what this big chunk of code is?? I have currently become a target of various major fraud rings.

9:7:47 = Process Attach
9:7:47 = end process attach
9:7:47 = ##### Begin waiting Mutex to release process #####
9:7:47 = hWnd = 0x00020096; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows ??.x=0, y=0, width=1024, height=768
9:7:47 = hWnd = 0x0002009e; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
9:7:47 = hWnd = 0x0002009a; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
9:9:20 = Process Attach
9:9:20 = end process attach
9:9:20 = ***** NULL == SampleProvider *****
9:9:20 = ##### Begin waiting Mutex to release process #####
9:9:20 = hWnd = 0x0002001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
9:9:20 = hWnd = 0x00020018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
9:9:20 = hWnd = 0x0002002e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
9:9:20 = hWnd = 0x0002001a; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
9:9:21 = Need to re-create objects.
9:9:21 = s1.
9:9:21 = s2.
9:9:21 = find user name
9:9:21 = Start show animate
9:9:21 = Shell Excutute VerifyHost
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:11:24 = begin close Process
9:11:24 = Terminate Process
9:11:25 = end close Process
9:11:25 = DLL_PROCESS_DETACH
9:13:40 = Process Attach
9:13:40 = end process attach
9:13:40 = ***** NULL == SampleProvider *****
9:13:40 = hWnd = 0x00050112; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
9:13:40 = hWnd = 0x00040116; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
9:13:40 = hWnd = 0x0006010a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
9:13:40 = hWnd = 0x0005011a; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
9:13:44 = Process Attach
9:13:44 = ## ERR ## Setevent
9:13:44 = ***** NULL == SampleProvider *****
9:13:44 = begin close Process
9:13:44 = end close Process
9:13:44 = ##### Get event and release process end #####
9:13:44 = hWnd = 0x000400dc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1024, height=768
9:13:44 = hWnd = 0x000200b0; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
9:13:44 = hWnd = 0x00090044; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
9:13:44 = hWnd = 0x000300e2; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
10:33:55 = Process Attach
10:33:55 = end process attach
10:33:55 = ***** NULL == SampleProvider *****
10:33:55 = ##### Begin waiting Mutex to release process #####
10:33:55 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
10:33:55 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
10:33:56 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
10:33:56 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
10:34:0 = Need to re-create objects.
10:34:0 = s1.
10:34:0 = s2.
10:34:2 = find user name
10:34:2 = Start show animate
10:34:2 = Shell Excutute VerifyHost
10:34:2 = find user name
10:34:2 = find user name
10:34:2 = find user name
10:34:2 = find user name
10:34:2 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:35:3 = find user name
10:35:3 = find user name
10:35:3 = find user name
10:35:3 = find user name
10:35:3 = find user name
10:35:3 = find user name
10:35:15 = begin close Process
10:35:15 = Terminate Process
10:35:16 = end close Process
10:35:16 = DLL_PROCESS_DETACH
23:44:50 = Process Attach
23:44:50 = end process attach
23:44:50 = ***** NULL == SampleProvider *****
23:44:50 = hWnd = 0x00530502; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
23:44:50 = hWnd = 0x006505bc; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
23:44:50 = hWnd = 0x0080044e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
23:44:50 = hWnd = 0x0026039e; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
23:44:56 = Process Attach
23:44:56 = ## ERR ## Setevent
23:44:56 = ##### Get event and release process #####
23:44:56 = begin close Process
23:44:56 = end close Process
23:44:56 = ##### Get event and release process end #####
23:44:56 = hWnd = 0x005300e2; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1024, height=768
23:44:56 = hWnd = 0x007d00f4; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
23:44:56 = hWnd = 0x000700ae; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
23:44:56 = hWnd = 0x003e007e; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
23:46:22 = Process Attach
23:46:22 = end process attach
23:46:22 = ##### Begin waiting Mutex to release process #####
23:46:22 = ***** NULL == SampleProvider *****
23:46:22 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
23:46:22 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
23:46:23 = hWnd = 0x00010024; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
23:46:23 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
23:46:41 = Need to re-create objects.
23:46:41 = s1.
23:46:41 = s2.
23:46:41 = find user name
23:46:41 = Start show animate
23:46:41 = Shell Excutute VerifyHost
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:47:14 = find user name
23:47:14 = find user name
23:47:14 = find user name
23:47:14 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:16 = find user name
23:47:16 = find user name
23:47:16 = find user name
23:47:16 = find user name
23:47:16 = find user name
23:47:16 = find user name
23:47:23 = find user name
23:47:23 = find user name
23:47:23 = find user name
23:47:23 = find user name
23:47:23 = find user name
23:47:23 = find user name
23:47:24 = find user name
23:47:24 = find user name
23:47:24 = find user name
23:47:24 = find user name
23:47:24 = find user name
23:47:24 = find user name
23:47:33 = find user name

(middle portion mostly omitted)

19:39:16 = find user name
19:43:17 = find user name
19:43:17 = find user name
19:43:17 = find user name
19:43:17 = find user name
19:43:18 = begin close Process
19:43:18 = Terminate Process
19:43:19 = end close Process
19:43:19 = DLL_PROCESS_DETACH
11:18:30 = Process Attach
11:18:30 = end process attach
11:18:30 = ***** NULL == SampleProvider *****
11:18:30 = hWnd = 0x003318f4; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
11:18:30 = hWnd = 0x00281c88; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
11:18:30 = hWnd = 0x001f0d5c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
11:18:30 = hWnd = 0x023917b0; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
11:18:31 = Need to re-create objects.
11:18:31 = s1.
11:18:31 = s2.
11:18:31 = find user name
11:18:31 = Start show animate
11:18:31 = Shell Excutute VerifyHost
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:23:55 = find user name
11:23:55 = find user name
11:23:55 = find user name
11:23:55 = find user name
11:23:56 = begin close Process
11:23:56 = Terminate Process
11:23:57 = end close Process
11:23:57 = DLL_PROCESS_DETACH
11:55:29 = Process Attach
11:55:29 = end process attach
11:55:29 = ***** NULL == SampleProvider *****
11:55:29 = hWnd = 0x001713e6; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
11:55:29 = hWnd = 0x01391ca4; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
11:55:29 = hWnd = 0x002b0d5e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
11:55:29 = hWnd = 0x00661874; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
11:55:29 = Need to re-create objects.
11:55:29 = s1.
11:55:29 = s2.
11:55:29 = find user name
11:55:29 = Start show animate

--
※ Origin: 批踢踢實業坊 (ptt.cc), From: 118.233.65.154
※ Article URL: https://www.ptt.cc/bbs/AntiVirus/M.1427985116.A.1EC.html
Article ID (AID): #1L7LBS7i (AntiVirus)