Foro de Spyware - Ver Mensaje Individual - Trojan.Starup.NameShifter.DE

Tema: Trojan.Starup.NameShifter.DE

Ver Mensaje Individual

post #1 (permalink)

16/08/05, 12:22:11

daniel briceño daniel briceño está offline

Usuario

Registrado: ago 2005

Ubicación: caracas

Mensajes: 1

Trojan.Starup.NameShifter.DE

buenos dias tenjo este trojan en un servidor windows 2003 server mi proble es que al utilizar la herramineta HijackThis no se a que ntradas darles dale

tome como referenvcia el caso resuelto por ELpiedra al señor Try von pero las entrdas difieren los pasos a siguir en este foro son los siguientes

1) realizar

a una serie de entradas que yo en mi sistema operativo no tengo.
2) eliminar estos archivos con la herramienta KILLBOX
-mscy.exe
-sdkod32.exe en mi sistema sale sdkod.exe no se si es el que tengo que eliminar?
-netym32.exe en mi suistema sale netyf32
-appad.exe en mi sistema sale appas y appac
3 por ultimo ejecutar security suite
ejecuten todas estas tareas pero tengo el trojan aun en mi sistema este es mi log HijackThis gracas por la ayuda que me puedan prestar

Logfile of HijackThis v1.99.1
Scan saved at 10:18:48 AM, on 8/16/2005
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
e:\Sql2000\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
e:\Sql2000\MSSQL\binn\sqlagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ISA Server\mspadmin.exe
C:\Program Files\Microsoft ISA Server\wspsrv.exe
C:\Program Files\Microsoft ISA Server\w3proxy.exe
C:\Program Files\Microsoft ISA Server\W3Prefch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\d3bk.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\system32\ntbackup.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\WINDOWS\system32\msiexec.exe
E:\Programas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fmico.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fmico.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fmico.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fmico.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=192.168.1.18:8080
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {013D29ED-4BEC-429C-5906-BA9871F852E0} - C:\WINDOWS\ntdx32.dll
O2 - BHO: Class - {09E5F19D-2F9E-81D4-13A0-ACBFBB6568E9} - C:\WINDOWS\system32\atlsn.dll
O2 - BHO: Class - {1F84D767-CE9E-5F23-6C4F-38EB8460335C} - C:\WINDOWS\sysxc32.dll
O2 - BHO: Class - {263D8EC6-3994-13AE-F18C-F072FE879294} - C:\WINDOWS\system32\ntfg32.dll
O2 - BHO: Class - {31A2FBC1-89DB-C895-A49F-CF60595ADF3B} - C:\WINDOWS\system32\sysmc.dll
O2 - BHO: Class - {35ED118C-CAF1-621F-5AC4-587668DD040D} - C:\WINDOWS\system32\iezh32.dll
O2 - BHO: Class - {4A71E4ED-B153-02B7-F9C5-D2CE34029094} - C:\WINDOWS\javahq32.dll
O2 - BHO: Class - {508611AF-6A54-2634-FB35-FBFBFC63C375} - C:\WINDOWS\system32\apiav.dll
O2 - BHO: Class - {547AA0D8-9434-5174-B30C-03739ABB29DC} - C:\WINDOWS\system32\netec32.dll
O2 - BHO: Class - {55C2A982-5FB8-705D-AB13-7616770AA2ED} - C:\WINDOWS\syspl.dll
O2 - BHO: Class - {6B03765D-30B1-A302-BA45-6E9EE2CE63F4} - C:\WINDOWS\system32\ipbp32.dll
O2 - BHO: Class - {6BD4ABBD-3523-C873-457D-313BA77F97C0} - C:\WINDOWS\appgz.dll
O2 - BHO: Class - {7363BA68-FA5B-4BC9-8DEF-84263F54F53D} - C:\WINDOWS\system32\atlun.dll
O2 - BHO: Class - {76319600-5394-492A-8D46-BB7F1C729D83} - C:\WINDOWS\system32\javanl.dll
O2 - BHO: Class - {77DA2E10-5D05-0B88-24FA-6EFE91EAF6D6} - C:\WINDOWS\system32\sysue32.dll
O2 - BHO: Class - {8795DBCC-3869-2C17-CA6F-F9FF44CDA69E} - C:\WINDOWS\system32\javaqa.dll
O2 - BHO: Class - {97844521-9B02-5F4A-6832-B572D5720BB7} - C:\WINDOWS\system32\netjh32.dll
O2 - BHO: Class - {9CB8A74B-935C-C5A9-E092-4A75F3B6FCAE} - C:\WINDOWS\system32\mscx32.dll
O2 - BHO: Class - {9FA5C3AF-230C-83DF-38F6-47968449B1A4} - C:\WINDOWS\mfcxy.dll
O2 - BHO: Class - {9FDF83AD-8A3C-B880-B6D5-F25372C94CAA} - C:\WINDOWS\apibd.dll
O2 - BHO: Class - {A21022CC-4063-2FB0-2846-65FB99D6E89E} - C:\WINDOWS\system32\netnc.dll
O2 - BHO: Class - {AC81EC14-3EEC-6538-2603-BABEF1F75A24} - C:\WINDOWS\addzj.dll
O2 - BHO: Class - {B1D2619A-C7DC-966B-6978-7C00B788D32E} - C:\WINDOWS\crel32.dll
O2 - BHO: Class - {B3394F71-3F4C-A0CC-56A8-984B3FC4262B} - C:\WINDOWS\system32\mfclf32.dll
O2 - BHO: Class - {C38C7CC0-194E-47AA-322C-B53A3F24FC5C} - C:\WINDOWS\system32\mfcwk.dll
O2 - BHO: Class - {D4C01209-FCAD-EE93-EE51-B4B24B1EDA5F} - C:\WINDOWS\system32\javarm32.dll
O2 - BHO: Class - {E12F9AC5-10D5-A5B6-0619-4FBA819B52BE} - C:\WINDOWS\system32\syssk32.dll
O2 - BHO: Class - {E4EEFBD7-EE7A-ED90-AEF4-6C866A090562} - C:\WINDOWS\system32\mfcaz.dll
O2 - BHO: Class - {EB83084A-24FF-C393-E570-D9A67713C46F} - C:\WINDOWS\crbd.dll
O2 - BHO: Class - {EE6513A2-ECF0-EC46-5C08-337375A1D7E6} - C:\WINDOWS\sysoz32.dll
O2 - BHO: Class - {EFC4F699-F19A-6D2A-3A0D-DA6A6848205C} - C:\WINDOWS\nthi.dll
O2 - BHO: Class - {F3E402C1-7CDD-A508-5E40-1F3CA6FC89B1} - C:\WINDOWS\iefw.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ICW Reminder] C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ieeu.exe] C:\WINDOWS\ieeu.exe
O4 - HKLM\..\Run: [crxs.exe] C:\WINDOWS\system32\crxs.exe
O4 - HKLM\..\Run: [d3bk.exe] C:\WINDOWS\system32\d3bk.exe
O4 - HKLM\..\RunOnce: [javawp.exe] C:\WINDOWS\javawp.exe
O4 - HKLM\..\RunOnce: [ipat32.exe] C:\WINDOWS\ipat32.exe
O4 - HKLM\..\RunOnce: [atlqi.exe] C:\WINDOWS\system32\atlqi.exe
O4 - HKLM\..\RunOnce: [mspy32.exe] C:\WINDOWS\mspy32.exe
O4 - HKLM\..\RunOnce: [sdknn32.exe] C:\WINDOWS\sdknn32.exe
O4 - HKLM\..\RunOnce: [ielt32.exe] C:\WINDOWS\system32\ielt32.exe
O4 - HKLM\..\RunOnce: [appca32.exe] C:\WINDOWS\system32\appca32.exe
O4 - HKLM\..\RunOnce: [winxe.exe] C:\WINDOWS\winxe.exe
O4 - HKLM\..\RunOnce: [creu32.exe] C:\WINDOWS\creu32.exe
O4 - HKLM\..\RunOnce: [netuj.exe] C:\WINDOWS\system32\netuj.exe
O4 - HKLM\..\RunOnce: [mfcyl.exe] C:\WINDOWS\system32\mfcyl.exe
O4 - HKLM\..\RunOnce: [sdktp32.exe] C:\WINDOWS\sdktp32.exe
O4 - HKLM\..\RunOnce: [netdx.exe] C:\WINDOWS\system32\netdx.exe
O4 - HKLM\..\RunOnce: [iprm32.exe] C:\WINDOWS\iprm32.exe
O4 - HKLM\..\RunOnce: [netxj32.exe] C:\WINDOWS\system32\netxj32.exe
O4 - HKLM\..\RunOnce: [d3pr32.exe] C:\WINDOWS\system32\d3pr32.exe
O4 - HKLM\..\RunOnce: [mfcpz.exe] C:\WINDOWS\mfcpz.exe
O4 - HKLM\..\RunOnce: [addtd.exe] C:\WINDOWS\addtd.exe
O4 - HKLM\..\RunOnce: [ipib32.exe] C:\WINDOWS\system32\ipib32.exe
O4 - HKLM\..\RunOnce: [javayi.exe] C:\WINDOWS\system32\javayi.exe
O4 - HKLM\..\RunOnce: [iecm32.exe] C:\WINDOWS\system32\iecm32.exe
O4 - HKLM\..\RunOnce: [d3mn.exe] C:\WINDOWS\system32\d3mn.exe
O4 - HKLM\..\RunOnce: [d3rj32.exe] C:\WINDOWS\system32\d3rj32.exe
O4 - HKLM\..\RunOnce: [d3gy32.exe] C:\WINDOWS\d3gy32.exe
O4 - HKLM\..\RunOnce: [netlc32.exe] C:\WINDOWS\system32\netlc32.exe
O4 - HKLM\..\RunOnce: [msgo.exe] C:\WINDOWS\msgo.exe
O4 - HKLM\..\RunOnce: [ipok32.exe] C:\WINDOWS\system32\ipok32.exe
O4 - HKLM\..\RunOnce: [sysws.exe] C:\WINDOWS\sysws.exe
O4 - HKLM\..\RunOnce: [sdkje32.exe] C:\WINDOWS\system32\sdkje32.exe
O4 - HKLM\..\RunOnce: [systl.exe] C:\WINDOWS\system32\systl.exe
O4 - HKLM\..\RunOnce: [javasb32.exe] C:\WINDOWS\system32\javasb32.exe
O4 - HKLM\..\RunOnce: [netqi.exe] C:\WINDOWS\netqi.exe
O4 - HKLM\..\RunOnce: [winpy32.exe] C:\WINDOWS\winpy32.exe
O4 - HKLM\..\RunOnce: [msnd.exe] C:\WINDOWS\system32\msnd.exe
O4 - HKLM\..\RunOnce: [mswu32.exe] C:\WINDOWS\system32\mswu32.exe
O4 - HKLM\..\RunOnce: [sdkmj32.exe] C:\WINDOWS\sdkmj32.exe
O4 - HKLM\..\RunOnce: [javaur.exe] C:\WINDOWS\javaur.exe
O4 - HKLM\..\RunOnce: [sdkvz.exe] C:\WINDOWS\system32\sdkvz.exe
O4 - HKLM\..\RunOnce: [winef32.exe] C:\WINDOWS\system32\winef32.exe
O4 - HKLM\..\RunOnce: [d3cn.exe] C:\WINDOWS\d3cn.exe
O4 - HKLM\..\RunOnce: [apprs32.exe] C:\WINDOWS\apprs32.exe
O4 - HKLM\..\RunOnce: [atlza.exe] C:\WINDOWS\atlza.exe
O4 - HKLM\..\RunOnce: [appaa.exe] C:\WINDOWS\system32\appaa.exe
O4 - HKLM\..\RunOnce: [ippy32.exe] C:\WINDOWS\ippy32.exe
O4 - HKLM\..\RunOnce: [crnf32.exe] C:\WINDOWS\system32\crnf32.exe
O4 - HKLM\..\RunOnce: [sdkjj.exe] C:\WINDOWS\system32\sdkjj.exe
O4 - HKLM\..\RunOnce: [atliy32.exe] C:\WINDOWS\system32\atliy32.exe
O4 - HKLM\..\RunOnce: [sysgo.exe] C:\WINDOWS\sysgo.exe
O4 - HKLM\..\RunOnce: [javafe32.exe] C:\WINDOWS\system32\javafe32.exe
O4 - HKLM\..\RunOnce: [netvt32.exe] C:\WINDOWS\netvt32.exe
O4 - HKLM\..\RunOnce: [ipvb32.exe] C:\WINDOWS\ipvb32.exe
O4 - HKLM\..\RunOnce: [msyl32.exe] C:\WINDOWS\msyl32.exe
O4 - HKLM\..\RunOnce: [iegb.exe] C:\WINDOWS\system32\iegb.exe
O4 - HKLM\..\RunOnce: [mshb.exe] C:\WINDOWS\mshb.exe
O4 - HKLM\..\RunOnce: [appwq32.exe] C:\WINDOWS\system32\appwq32.exe
O4 - HKLM\..\RunOnce: [netvx32.exe] C:\WINDOWS\netvx32.exe
O4 - HKLM\..\RunOnce: [mfcqj.exe] C:\WINDOWS\mfcqj.exe
O4 - HKLM\..\RunOnce: [iepr32.exe] C:\WINDOWS\iepr32.exe
O4 - HKLM\..\RunOnce: [javafg32.exe] C:\WINDOWS\system32\javafg32.exe
O4 - HKLM\..\RunOnce: [crnw.exe] C:\WINDOWS\system32\crnw.exe
O4 - HKLM\..\RunOnce: [d3sl32.exe] C:\WINDOWS\system32\d3sl32.exe
O4 - HKLM\..\RunOnce: [d3xj32.exe] C:\WINDOWS\d3xj32.exe
O4 - HKLM\..\RunOnce: [msai32.exe] C:\WINDOWS\system32\msai32.exe
O4 - HKLM\..\RunOnce: [iptj32.exe] C:\WINDOWS\system32\iptj32.exe
O4 - HKLM\..\RunOnce: [nttr.exe] C:\WINDOWS\system32\nttr.exe
O4 - HKLM\..\RunOnce: [d3rh32.exe] C:\WINDOWS\system32\d3rh32.exe
O4 - HKLM\..\RunOnce: [sysho32.exe] C:\WINDOWS\system32\sysho32.exe
O4 - HKLM\..\RunOnce: [msca.exe] C:\WINDOWS\system32\msca.exe
O4 - HKLM\..\RunOnce: [ntbq32.exe] C:\WINDOWS\system32\ntbq32.exe
O4 - HKLM\..\RunOnce: [mfcaf32.exe] C:\WINDOWS\mfcaf32.exe
O4 - HKLM\..\RunOnce: [apian.exe] C:\WINDOWS\apian.exe
O4 - HKLM\..\RunOnce: [atlin.exe] C:\WINDOWS\system32\atlin.exe
O4 - HKLM\..\RunOnce: [sdkyd32.exe] C:\WINDOWS\system32\sdkyd32.exe
O4 - HKLM\..\RunOnce: [javajw.exe] C:\WINDOWS\javajw.exe
O4 - HKLM\..\RunOnce: [sdkdo.exe] C:\WINDOWS\sdkdo.exe
O4 - HKLM\..\RunOnce: [msrb32.exe] C:\WINDOWS\system32\msrb32.exe
O4 - HKLM\..\RunOnce: [javaac.exe] C:\WINDOWS\system32\javaac.exe
O4 - HKLM\..\RunOnce: [javauv32.exe] C:\WINDOWS\system32\javauv32.exe
O4 - HKLM\..\RunOnce: [apizs32.exe] C:\WINDOWS\system32\apizs32.exe
O4 - HKLM\..\RunOnce: [crud.exe] C:\WINDOWS\crud.exe
O4 - HKLM\..\RunOnce: [mfcof.exe] C:\WINDOWS\system32\mfcof.exe
O4 - HKLM\..\RunOnce: [ienv32.exe] C:\WINDOWS\system32\ienv32.exe
O4 - HKLM\..\RunOnce: [javalc32.exe] C:\WINDOWS\javalc32.exe
O4 - HKLM\..\RunOnce: [crls.exe] C:\WINDOWS\system32\crls.exe
O4 - HKLM\..\RunOnce: [javaus.exe] C:\WINDOWS\javaus.exe
O4 - HKLM\..\RunOnce: [d3id.exe] C:\WINDOWS\d3id.exe
O4 - HKLM\..\RunOnce: [appxa32.exe] C:\WINDOWS\system32\appxa32.exe
O4 - HKLM\..\RunOnce: [apiwh.exe] C:\WINDOWS\system32\apiwh.exe
O4 - HKLM\..\RunOnce: [ipbm.exe] C:\WINDOWS\system32\ipbm.exe
O4 - HKLM\..\RunOnce: [ntpi32.exe] C:\WINDOWS\ntpi32.exe
O4 - HKLM\..\RunOnce: [addac32.exe] C:\WINDOWS\system32\addac32.exe
O4 - HKLM\..\RunOnce: [ntdn32.exe] C:\WINDOWS\system32\ntdn32.exe
O4 - HKLM\..\RunOnce: [sdkrs32.exe] C:\WINDOWS\system32\sdkrs32.exe
O4 - HKLM\..\RunOnce: [sdkxp32.exe] C:\WINDOWS\sdkxp32.exe
O4 - HKLM\..\RunOnce: [atlcl.exe] C:\WINDOWS\atlcl.exe
O4 - HKLM\..\RunOnce: [apivm32.exe] C:\WINDOWS\system32\apivm32.exe
O4 - HKLM\..\RunOnce: [sdktu32.exe] C:\WINDOWS\sdktu32.exe
O4 - HKLM\..\RunOnce: [winda.exe] C:\WINDOWS\system32\winda.exe
O4 - HKLM\..\RunOnce: [crcq32.exe] C:\WINDOWS\crcq32.exe
O4 - HKLM\..\RunOnce: [ipsf32.exe] C:\WINDOWS\system32\ipsf32.exe
O4 - HKLM\..\RunOnce: [ipan.exe] C:\WINDOWS\system32\ipan.exe
O4 - HKLM\..\RunOnce: [netan.exe] C:\WINDOWS\netan.exe
O4 - HKLM\..\RunOnce: [msjw.exe] C:\WINDOWS\msjw.exe
O4 - HKLM\..\RunOnce: [ntil32.exe] C:\WINDOWS\ntil32.exe
O4 - HKLM\..\RunOnce: [appcc.exe] C:\WINDOWS\system32\appcc.exe
O4 - HKLM\..\RunOnce: [netgg32.exe] C:\WINDOWS\netgg32.exe
O4 - HKLM\..\RunOnce: [mfcve32.exe] C:\WINDOWS\mfcve32.exe
O4 - HKLM\..\RunOnce: [atlka32.exe] C:\WINDOWS\atlka32.exe
O4 - HKLM\..\RunOnce: [ieox32.exe] C:\WINDOWS\system32\ieox32.exe
O4 - HKLM\..\RunOnce: [mfcji32.exe] C:\WINDOWS\system32\mfcji32.exe
O4 - HKLM\..\RunOnce: [ipon.exe] C:\WINDOWS\ipon.exe
O4 - HKLM\..\RunOnce: [netxn32.exe] C:\WINDOWS\system32\netxn32.exe
O4 - HKLM\..\RunOnce: [netmy.exe] C:\WINDOWS\netmy.exe
O4 - HKLM\..\RunOnce: [ieut32.exe] C:\WINDOWS\system32\ieut32.exe
O4 - HKLM\..\RunOnce: [appkx.exe] C:\WINDOWS\appkx.exe
O4 - HKLM\..\RunOnce: [addly.exe] C:\WINDOWS\system32\addly.exe
O4 - HKLM\..\RunOnce: [crqs.exe] C:\WINDOWS\system32\crqs.exe
O4 - HKLM\..\RunOnce: [neter32.exe] C:\WINDOWS\neter32.exe
O4 - HKLM\..\RunOnce: [mfczc.exe] C:\WINDOWS\system32\mfczc.exe
O4 - HKLM\..\RunOnce: [ieyk32.exe] C:\WINDOWS\system32\ieyk32.exe
O4 - HKLM\..\RunOnce: [apick32.exe] C:\WINDOWS\apick32.exe
O4 - HKLM\..\RunOnce: [addaz.exe] C:\WINDOWS\system32\addaz.exe
O4 - HKLM\..\RunOnce: [d3zp32.exe] C:\WINDOWS\system32\d3zp32.exe
O4 - HKLM\..\RunOnce: [ntpw32.exe] C:\WINDOWS\ntpw32.exe
O4 - HKLM\..\RunOnce: [sdkxm32.exe] C:\WINDOWS\sdkxm32.exe
O4 - HKLM\..\RunOnce: [iehf32.exe] C:\WINDOWS\iehf32.exe
O4 - HKLM\..\RunOnce: [netgn32.exe] C:\WINDOWS\system32\netgn32.exe
O4 - HKLM\..\RunOnce: [d3bz32.exe] C:\WINDOWS\system32\d3bz32.exe
O4 - HKLM\..\RunOnce: [sysgd.exe] C:\WINDOWS\sysgd.exe
O4 - HKLM\..\RunOnce: [iepd32.exe] C:\WINDOWS\system32\iepd32.exe
O4 - HKLM\..\RunOnce: [msda.exe] C:\WINDOWS\msda.exe
O4 - HKLM\..\RunOnce: [sysjf.exe] C:\WINDOWS\sysjf.exe
O4 - HKLM\..\RunOnce: [mfcbd32.exe] C:\WINDOWS\system32\mfcbd32.exe
O4 - HKLM\..\RunOnce: [sdkiy.exe] C:\WINDOWS\system32\sdkiy.exe
O4 - HKLM\..\RunOnce: [javaed.exe] C:\WINDOWS\system32\javaed.exe
O4 - HKLM\..\RunOnce: [netah.exe] C:\WINDOWS\system32\netah.exe
O4 - HKLM\..\RunOnce: [ipuw32.exe] C:\WINDOWS\ipuw32.exe
O4 - HKLM\..\RunOnce: [ipjr.exe] C:\WINDOWS\system32\ipjr.exe
O4 - HKLM\..\RunOnce: [sdkmm32.exe] C:\WINDOWS\sdkmm32.exe
O4 - HKLM\..\RunOnce: [sdkew.exe] C:\WINDOWS\system32\sdkew.exe
O4 - HKLM\..\RunOnce: [netzu32.exe] C:\WINDOWS\system32\netzu32.exe
O4 - HKLM\..\RunOnce: [apidj.exe] C:\WINDOWS\system32\apidj.exe
O4 - HKLM\..\RunOnce: [netxs32.exe] C:\WINDOWS\netxs32.exe
O4 - HKLM\..\RunOnce: [winrr32.exe] C:\WINDOWS\system32\winrr32.exe
O4 - HKLM\..\RunOnce: [d3eu.exe] C:\WINDOWS\system32\d3eu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Server Management.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122992047796
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = IVISA-CCS.local
O17 - HKLM\Software\..\Telephony: DomainName = IVISA-CCS.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E2A7A6F-2A09-4033-9175-372300A4198A}: NameServer = 192.168.1.17,192.168.1.18
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = IVISA-CCS.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = IVISA-CCS.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\wingt.exe" /s (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe