[Help] Something trojan-like has been planted on my laptop (NB)

Author: bayant (VAN)   2015-04-02 22:31:53
Does anyone know what this long string of code is?? I am currently being targeted by all the major fraud rings.
9:7:47 = Process Attach
9:7:47 = end process attach
9:7:47 = ##### Begin waiting Mutex to release process #####
9:7:47 = hWnd = 0x00020096; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows ??.x=0, y=0, width=1024, height=768
9:7:47 = hWnd = 0x0002009e; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
9:7:47 = hWnd = 0x0002009a; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
9:9:20 = Process Attach
9:9:20 = end process attach
9:9:20 = ***** NULL == SampleProvider *****
9:9:20 = ##### Begin waiting Mutex to release process #####
9:9:20 = hWnd = 0x0002001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
9:9:20 = hWnd = 0x00020018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
9:9:20 = hWnd = 0x0002002e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
9:9:20 = hWnd = 0x0002001a; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
9:9:21 = Need to re-create objects.
9:9:21 = s1.
9:9:21 = s2.
9:9:21 = find user name
9:9:21 = Start show animate
9:9:21 = Shell Excutute VerifyHost
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:9:21 = find user name
9:11:24 = begin close Process
9:11:24 = Terminate Process
9:11:25 = end close Process
9:11:25 = DLL_PROCESS_DETACH
9:13:40 = Process Attach
9:13:40 = end process attach
9:13:40 = ***** NULL == SampleProvider *****
9:13:40 = hWnd = 0x00050112; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
9:13:40 = hWnd = 0x00040116; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
9:13:40 = hWnd = 0x0006010a; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
9:13:40 = hWnd = 0x0005011a; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
9:13:44 = Process Attach
9:13:44 = ## ERR ## Setevent
9:13:44 = ***** NULL == SampleProvider *****
9:13:44 = begin close Process
9:13:44 = end close Process
9:13:44 = ##### Get event and release process end #####
9:13:44 = hWnd = 0x000400dc; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1024, height=768
9:13:44 = hWnd = 0x000200b0; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
9:13:44 = hWnd = 0x00090044; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
9:13:44 = hWnd = 0x000300e2; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
10:33:55 = Process Attach
10:33:55 = end process attach
10:33:55 = ***** NULL == SampleProvider *****
10:33:55 = ##### Begin waiting Mutex to release process #####
10:33:55 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
10:33:55 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
10:33:56 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
10:33:56 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
10:34:0 = Need to re-create objects.
10:34:0 = s1.
10:34:0 = s2.
10:34:2 = find user name
10:34:2 = Start show animate
10:34:2 = Shell Excutute VerifyHost
10:34:2 = find user name
10:34:2 = find user name
10:34:2 = find user name
10:34:2 = find user name
10:34:2 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:34:6 = find user name
10:35:3 = find user name
10:35:3 = find user name
10:35:3 = find user name
10:35:3 = find user name
10:35:3 = find user name
10:35:3 = find user name
10:35:15 = begin close Process
10:35:15 = Terminate Process
10:35:16 = end close Process
10:35:16 = DLL_PROCESS_DETACH
23:44:50 = Process Attach
23:44:50 = end process attach
23:44:50 = ***** NULL == SampleProvider *****
23:44:50 = hWnd = 0x00530502; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
23:44:50 = hWnd = 0x006505bc; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
23:44:50 = hWnd = 0x0080044e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
23:44:50 = hWnd = 0x0026039e; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
23:44:56 = Process Attach
23:44:56 = ## ERR ## Setevent
23:44:56 = ##### Get event and release process #####
23:44:56 = begin close Process
23:44:56 = end close Process
23:44:56 = ##### Get event and release process end #####
23:44:56 = hWnd = 0x005300e2; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1024, height=768
23:44:56 = hWnd = 0x007d00f4; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
23:44:56 = hWnd = 0x000700ae; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
23:44:56 = hWnd = 0x003e007e; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
23:46:22 = Process Attach
23:46:22 = end process attach
23:46:22 = ##### Begin waiting Mutex to release process #####
23:46:22 = ***** NULL == SampleProvider *****
23:46:22 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
23:46:22 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
23:46:23 = hWnd = 0x00010024; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
23:46:23 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
23:46:41 = Need to re-create objects.
23:46:41 = s1.
23:46:41 = s2.
23:46:41 = find user name
23:46:41 = Start show animate
23:46:41 = Shell Excutute VerifyHost
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:46:41 = find user name
23:47:14 = find user name
23:47:14 = find user name
23:47:14 = find user name
23:47:14 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:15 = find user name
23:47:16 = find user name
23:47:16 = find user name
23:47:16 = find user name
23:47:16 = find user name
23:47:16 = find user name
23:47:16 = find user name
23:47:23 = find user name
23:47:23 = find user name
23:47:23 = find user name
23:47:23 = find user name
23:47:23 = find user name
23:47:23 = find user name
23:47:24 = find user name
23:47:24 = find user name
23:47:24 = find user name
23:47:24 = find user name
23:47:24 = find user name
23:47:24 = find user name
23:47:33 = find user name
(The middle part is much the same, so it is omitted.)
19:39:16 = find user name
19:43:17 = find user name
19:43:17 = find user name
19:43:17 = find user name
19:43:17 = find user name
19:43:18 = begin close Process
19:43:18 = Terminate Process
19:43:19 = end close Process
19:43:19 = DLL_PROCESS_DETACH
11:18:30 = Process Attach
11:18:30 = end process attach
11:18:30 = ***** NULL == SampleProvider *****
11:18:30 = hWnd = 0x003318f4; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
11:18:30 = hWnd = 0x00281c88; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
11:18:30 = hWnd = 0x001f0d5c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
11:18:30 = hWnd = 0x023917b0; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
11:18:31 = Need to re-create objects.
11:18:31 = s1.
11:18:31 = s2.
11:18:31 = find user name
11:18:31 = Start show animate
11:18:31 = Shell Excutute VerifyHost
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:18:31 = find user name
11:23:55 = find user name
11:23:55 = find user name
11:23:55 = find user name
11:23:55 = find user name
11:23:56 = begin close Process
11:23:56 = Terminate Process
11:23:57 = end close Process
11:23:57 = DLL_PROCESS_DETACH
11:55:29 = Process Attach
11:55:29 = end process attach
11:55:29 = ***** NULL == SampleProvider *****
11:55:29 = hWnd = 0x001713e6; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows 登入.x=0, y=0, width=1366, height=768
11:55:29 = hWnd = 0x01391ca4; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.x=0, y=0, width=1, height=1
11:55:29 = hWnd = 0x002b0d5e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.x=0, y=0, width=0, height=0
11:55:29 = hWnd = 0x00661874; ClassName: IME; Title: Default IME.x=0, y=0, width=0, height=0
11:55:29 = Need to re-create objects.
11:55:29 = s1.
11:55:29 = s2.
11:55:29 = find user name
11:55:29 = Start show animate