Userinit troubles



#16
Sinik

  • Topic Starter
  • Member
  • 20 posts
Here you are sir:

--------------------\\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU	 T5550  @ 1.83GHz )
   BIOS : Phoenix ROM BIOS PLUS Version 1.10 A07
   USER : Administrator ( Administrator )
   BOOT : Normal boot
   Antivirus : eTrust EZ Antivirus 7.0.6.7 (Activated)
   C:\ (Local Disk) - NTFS - Total:74 Go (Free:55 Go)
   D:\ (Local Disk) - FAT32 - Total:74 Go (Free:52 Go)
   E:\ (CD or DVD)
   I:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [2] ( Sat 04/18/2009| 1:08 )


   \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\DOCUME~1\ADMINI~1\Cookies\[email protected][2].txt
   Supprime! - C:\Program Files\Circle Developement
 
   \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 

 
   --------------------\\  Listing des dossiers dans APPLIC~1

   [06/22/2008|06:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  ACD Systems
   [04/08/2009|08:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Adobe
   [05/16/2008|05:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Apple Computer
   [11/24/2008|12:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Babylon
   [06/07/2008|08:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Creative
   [07/20/2008|11:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  CyberLink
   [05/14/2008|06:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Identities
   [06/29/2008|09:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  IFViewer
   [05/14/2008|07:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  InstallShield
   [04/09/2009|04:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  LoudElseMix
   [06/21/2008|10:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Macromedia
   [01/22/2009|11:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Malwarebytes
   [11/03/2008|07:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Microsoft
   [05/14/2008|08:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Reallusion
   [09/26/2008|10:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Sony Corporation
   [05/16/2008|05:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  Sun
   [05/14/2008|08:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  tmp
   [01/22/2009|12:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR>		  U3

   [05/14/2008|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  ACD Systems
   [05/16/2008|05:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  Adobe
   [05/16/2008|05:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  Adobe Systems
   [05/16/2008|05:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  Apple Computer
   [03/25/2009|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  Babylon
   [07/18/2008|07:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  CA
   [07/20/2008|06:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  CanonBJ
   [05/16/2008|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  CyberLink
   [05/16/2008|05:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  ESET
   [01/22/2009|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  Malwarebytes
   [07/18/2008|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  Messenger Plus!
   [07/18/2008|05:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  Microsoft
   [05/14/2008|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  Microsoft Help
   [05/14/2008|06:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  MSN Messenger 6.2.0137
   [03/25/2009|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  window second audio drive
   [06/21/2008|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR>		  Windows Genuine Advantage

   [05/14/2008|06:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR>		  Microsoft

   [05/14/2008|06:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR>		  Microsoft

   [05/14/2008|06:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR>		  Microsoft
 
   --------------------\\  Tâches planifiées dans C:\WINDOWS\tasks

   [04/17/2009 08:46 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
   [08/10/2004 05:44 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

   --------------------\\  Listing des dossiers dans C:\Program Files

   [05/14/2008|09:45] C:\Program Files\<DIR>		  ACD Systems
   [05/16/2008|05:19] C:\Program Files\<DIR>		  Adobe
   [10/17/2008|07:12] C:\Program Files\<DIR>		  Babylon
   [05/15/2008|12:27] C:\Program Files\<DIR>		  Broadcom
   [07/18/2008|07:10] C:\Program Files\<DIR>		  CA
   [07/20/2008|06:20] C:\Program Files\<DIR>		  CanonBJ
   [04/08/2009|11:27] C:\Program Files\<DIR>		  Common Files
   [05/14/2008|06:07] C:\Program Files\<DIR>		  ComPlus Applications
   [10/17/2008|07:12] C:\Program Files\<DIR>		  Conduit
   [05/14/2008|08:00] C:\Program Files\<DIR>		  CONEXANT
   [05/15/2008|02:26] C:\Program Files\<DIR>		  Creative
   [05/15/2008|02:26] C:\Program Files\<DIR>		  Creative Live! Cam
   [05/14/2008|09:47] C:\Program Files\<DIR>		  CyberLink
   [05/15/2008|02:26] C:\Program Files\<DIR>		  DELL
   [05/14/2008|07:55] C:\Program Files\<DIR>		  DellTPad
   [05/14/2008|07:49] C:\Program Files\<DIR>		  DIFX
   [10/05/2008|08:01] C:\Program Files\<DIR>		  EA GAMES
   [07/18/2008|04:58] C:\Program Files\<DIR>		  Elaborate Bytes
   [05/16/2008|05:22] C:\Program Files\<DIR>		  ESET
   [05/14/2008|07:57] C:\Program Files\<DIR>		  Hewlett-Packard
   [11/08/2008|04:50] C:\Program Files\<DIR>		  IESurfBar
   [09/26/2008|10:21] C:\Program Files\<DIR>		  InstallShield Installation Information
   [05/14/2008|07:52] C:\Program Files\<DIR>		  Intel
   [05/14/2008|06:09] C:\Program Files\<DIR>		  Internet Explorer
   [05/16/2008|05:13] C:\Program Files\<DIR>		  iPod
   [05/16/2008|05:13] C:\Program Files\<DIR>		  iTunes
   [04/09/2009|04:45] C:\Program Files\<DIR>		  Java
   [03/25/2009|10:58] C:\Program Files\<DIR>		  Lopxp
   [03/25/2009|10:24] C:\Program Files\<DIR>		  LoudElseMix
   [01/22/2009|11:05] C:\Program Files\<DIR>		  Malwarebytes' Anti-Malware
   [07/18/2008|05:02] C:\Program Files\<DIR>		  Maxis
   [08/11/2008|10:25] C:\Program Files\<DIR>		  Messenger Plus! Live
   [05/14/2008|09:50] C:\Program Files\<DIR>		  Microsoft Office
   [05/14/2008|09:50] C:\Program Files\<DIR>		  Microsoft Visual Studio
   [05/14/2008|09:50] C:\Program Files\<DIR>		  Microsoft Works
   [05/14/2008|06:07] C:\Program Files\<DIR>		  MSN Gaming Zone
   [01/05/2009|05:19] C:\Program Files\<DIR>		  myBabylon_English
   [05/16/2008|05:22] C:\Program Files\<DIR>		  Nero
   [05/14/2008|06:08] C:\Program Files\<DIR>		  NetMeeting
   [05/14/2008|06:09] C:\Program Files\<DIR>		  Online Services
   [05/14/2008|06:08] C:\Program Files\<DIR>		  Outlook Express
   [01/22/2009|11:05] C:\Program Files\<DIR>		  Prime95
   [05/16/2008|05:14] C:\Program Files\<DIR>		  QuickTime
   [05/16/2008|04:38] C:\Program Files\<DIR>		  Sigmatel
   [07/20/2008|11:27] C:\Program Files\<DIR>		  SlySoft
   [09/26/2008|10:17] C:\Program Files\<DIR>		  Sony
   [03/25/2009|10:55] C:\Program Files\<DIR>		  Trend Micro
   [07/20/2008|11:05] C:\Program Files\<DIR>		  UltraISO
   [05/14/2008|06:24] C:\Program Files\<DIR>		  Uninstall Information
   [05/16/2008|04:44] C:\Program Files\<DIR>		  Winamp
   [05/16/2008|05:35] C:\Program Files\<DIR>		  Windows Live
   [06/23/2008|07:32] C:\Program Files\<DIR>		  Windows Media Connect 2
   [06/21/2008|09:09] C:\Program Files\<DIR>		  Windows Media Player
   [05/14/2008|06:07] C:\Program Files\<DIR>		  Windows NT
   [05/14/2008|06:09] C:\Program Files\<DIR>		  WindowsUpdate
   [07/18/2008|07:04] C:\Program Files\<DIR>		  WinRAR
   [05/16/2008|05:12] C:\Program Files\<DIR>		  WinZip

   --------------------\\  Listing des dossiers dans C:\Program Files\Common Files

   [05/14/2008|09:45] C:\Program Files\Common Files\<DIR>		  ACD Systems
   [05/16/2008|05:19] C:\Program Files\Common Files\<DIR>		  Adobe
   [05/16/2008|05:16] C:\Program Files\Common Files\<DIR>		  Adobe Systems Shared
   [05/16/2008|05:22] C:\Program Files\Common Files\<DIR>		  Ahead
   [05/14/2008|07:17] C:\Program Files\Common Files\<DIR>		  Creative
   [05/14/2008|09:50] C:\Program Files\Common Files\<DIR>		  DESIGNER
   [07/20/2008|11:05] C:\Program Files\Common Files\<DIR>		  EZB Systems
   [05/16/2008|05:13] C:\Program Files\Common Files\<DIR>		  InstallShield
   [05/14/2008|09:50] C:\Program Files\Common Files\<DIR>		  Microsoft Shared
   [05/14/2008|06:08] C:\Program Files\Common Files\<DIR>		  MSSoap
   [05/15/2008|01:03] C:\Program Files\Common Files\<DIR>		  ODBC
   [05/14/2008|07:18] C:\Program Files\Common Files\<DIR>		  Reallusion
   [05/14/2008|06:08] C:\Program Files\Common Files\<DIR>		  Services
   [05/15/2008|01:03] C:\Program Files\Common Files\<DIR>		  SpeechEngines
   [05/14/2008|09:48] C:\Program Files\Common Files\<DIR>		  System

   --------------------\\  Process

   ( 45 Processes )

   ... OK !

   --------------------\\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\\  Verification du Registre
 
   ..... OK !

   --------------------\\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-04-18 01:11:06
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   disk error: C:\WINDOWS\System32\
   please note that you need administrator rights to perform deep scan
 
   --------------------\\  Recherche d'autres infections

   --------------------\\  ROOTKIT !!

   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
   Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]

   --------------------\\  Cracks & Keygens ..


   [F:748][D:14]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
   [F:34][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
   [F:7][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5
   [F:1][D:1]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - Sat 04/18/2009| 1:12 - Option : [2]

   --------------------\\  Fin du rapport a  1:12:06

----a-w		 1,032,192 2004-08-10 10:44:44  C:\windows\explorer.exe

 Entries:				1  (1)
 Directories:			0  Files:			 1
 Bytes:		  1,032,192  Blocks:		2,016

----a-w			11,113 2004-08-04 12:00:00  C:\windows\system32\userinit.exe

 Entries:				1  (1)
 Directories:			0  Files:			 1
 Bytes:			 11,113  Blocks:		   22

 Total Entries:				2  (2)
 Total Directories:			0  Files:			 2
 Total Bytes:		  1,043,305  Blocks:		2,038



#17
JSntgRvr

  • Global Moderator
  • 11,590 posts
Please remove your current copy of Combofix and run the latest version.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
  • Install the Recovery Console upon request.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#18
JSntgRvr

  • Global Moderator
  • 11,590 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.

#19
JSntgRvr

  • Global Moderator
  • 11,590 posts
The topic is now opened. Please make sure you have the latest version of Combofix.

#20
Sinik

  • Topic Starter
  • Member
  • 20 posts
Hi guys,
Just to let you know, I am now able to access this website; it was unavailable for several days lately. Please don't close this subject for lack of an answer :)

Actually the computer does not accept my USB key anymore, I'll try to post this afternoon the result of scans.

Thanks,
Dave

#21
JSntgRvr

  • Global Moderator
  • 11,590 posts
:)