Jump to content

Search the Community

Showing results for tags 'hlktmp'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 1 result

  1. Hi, Using flash player I get a malware, the one, which display in full screen a message asking for money because I'm a pirate ! After some attempts and updating flash I do not have the message again, but at each boot, (during boot time, I checked with procmon) the file is created again & again ! of course when Windows is running I have no access to the file, I but whith Knoppix to delete the file : c:\windows\temp\hlktmp. I don't know what it's really doing but I don't like that. Malwarebytes Anti-Malware detects nothing as any other software. WIth my differents tries I have deleted the file stdole2.tbl which I suspected to be corrupted, because at boot time in procmon logs the creation of hlktmp what just after that file :/ since I got it restaured. I have no restaure point after the malware installation because it was disabled in my PC now it's on. Any help would be greatly apreciated. thanks Marc . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21 Run by marc at 9:22:01 on 2012-08-05 Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3071.1659 [GMT 2:00] . AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Windows\System32\tcpsvcs.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Windows\system32\vmnat.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\Dwm.exe C:\Windows\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Player\vmware-authd.exe C:\Windows\System32\nvraidservice.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k WindowsMobile C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll LSP: %SystemRoot%\system32\vsocklib.dll DPF: {369383F8-C8B7-42E1-819E-D47E3ABAD4BC} - hxxp://192.168.0.200:8080/cgi-bin/QNAPG726.cab DPF: {4DA8C6E4-312A-4A8F-B02B-491B2BF09CF2} - hxxp://192.168.0.200:8080/cgi-bin/QNAPQ264.cab DPF: {603E0052-7B06-496B-A04B-192419174876} - hxxp://192.168.0.200:8080/cgi-bin/QNAPQIVG.cab DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://192.168.0.110/UltraMJCamX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {937FE81C-FECF-4A55-9754-49D6D6550EDC} - hxxp://192.168.0.200:8080/cgi-bin/NNVRVMon.cab DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.0.111/codebase/DVM_IPCam2.ocx DPF: {B824D61F-DAF3-40BF-BA5E-430D250FF51C} - hxxp://192.168.0.200:8080/cgi-bin/QNAPQMP4.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {F5F2CE2F-C516-4428-8758-7178B1E1ABAB} - hxxp://192.168.0.200:8080/cgi-bin/QNAPQVivoTek.cab TCP: Interfaces\{AB26030B-D226-4422-934A-A1A7A6260A9E} : NameServer = 212.27.40.240,212.27.40.241 TCP: Interfaces\{D6E22CFB-0BD4-408E-9A60-7B0072403E7C} : DhcpNameServer = 212.27.40.240 212.27.40.241 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\marc\appdata\roaming\mozilla\firefox\profiles\rxbtyxna.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - about:blank FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin2.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin3.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin4.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin5.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin6.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll . ============= SERVICES / DRIVERS =============== . R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-15 11608] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2010-5-15 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-15 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-15 66616] R2 MicroGuard;MicroGuard Copy Protection;c:\windows\system32\drivers\mgnt.sys [2011-3-31 40480] R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-5 40776] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 136176] S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-5-17 8192] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-16 14216] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-16 8456] S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 136176] S3 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?] S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [2010-8-16 573440] S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [2010-8-16 15616] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120] S3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-12 2214504] S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-4-22 20080] S3 StorSvc;Service de stockage;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 T3Srv;FLIR Systems Camera Monitor;c:\program files\flir systems\flir device drivers\flir t3srv\sysx86\T3Srv.exe [2010-3-18 457312] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-4 52224] . =============== Created Last 30 ================ . 2012-08-05 06:54:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-04 11:54:01 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b6b4ba52-281f-411b-8b81-54895a8d95c6}\mpengine.dll 2012-08-04 11:46:18 -------- d-----w- c:\users\marc\appdata\local\SKIDROW 2012-08-02 19:04:57 -------- d-----w- c:\programdata\Kaspersky Lab 2012-08-02 19:04:57 -------- d-----w- c:\program files\Kaspersky Lab 2012-07-30 19:33:29 -------- d-----w- c:\program files\CCleaner 2012-07-30 18:36:36 -------- d-----w- C:\$RECYCLE.BIN 2012-07-30 18:31:50 -------- d-----w- c:\users\marc\appdata\local\temp 2012-07-30 17:43:55 -------- d-----w- c:\program files\Unlocker 2012-07-30 17:18:18 98816 ----a-w- c:\windows\sed.exe 2012-07-30 17:18:18 518144 ----a-w- c:\windows\SWREG.exe 2012-07-30 17:18:18 256000 ----a-w- c:\windows\PEV.exe 2012-07-30 17:18:18 208896 ----a-w- c:\windows\MBR.exe 2012-07-13 08:16:58 2345984 ----a-w- c:\windows\system32\win32k.sys . ==================== Find3M ==================== . 2012-08-04 10:19:42 17488 ----a-w- c:\windows\gdrv.sys 2012-08-04 09:49:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-04 09:49:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-03 11:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe 2010-01-06 23:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll . ============= FINISH: 9:22:35,66 =============== Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.