Thorsen Skrevet 2. januar 2009 Del Skrevet 2. januar 2009 Hei Har et problem på en maskin. Når jeg søker etter ting på google så blir resultatene spoofet og byttet ut med diverse lugubre sider. Se bilde: Det gjelder bare på denne ene maskinen på nettverket. Tenke først på host fila, men både den og registerbanen til den ser ok ut. C:\WINDOWS\system32\drivers\etc\host # Copyright © 1993-1999 Microsoft Corporation # # Dette er en eksempel på en HOSTS-fil som brukes av Microsoft TCP/IP for Windows. # # Denne filen inneholder tilordninger av IP-adresser til vertsnavn. Alle # oppføringer må være på hver sin linje. IP-adressen plasseres i den # første kolonnen, etterfulgt av det tilsvarende vertsnavnet. IP-adressen # og vertsnavnet må være adskilt av minst ett mellomrom. # # I tillegg kan kommentarer (som denne) settes inn på egne linjer, eller # etter maskinnavnet, anført med et nummertegn ("#") # # Eksempel: # # 102.54.94.97 rhino.acme.com # kildeserver # 38.25.63.10 x.acme.com # x-klientvert 127.0.0.1 localhost Har kjørt følgende: -Nod32 antivirus scan på Systemdisk C:\, fant ingenting. -AdAware 2008, fant ingenting bortsett fra noen tracking cookies. -Spybot S&D, fant ingenting bortsett fra noen tracking cookies. -Malwarebyte's Anti Malware, fant ingenting. (se logg nedenfor) Malwarebytes' Anti-Malware 1.31 Databaseversjon: 1594 Windows 5.1.2600 Service Pack 3 02.01.2009 10:41:01 mbam-log-2009-01-02 (10-41-01).txt Skanntype: Rask Skann Objekter skannet: 69539 Tid tilbakelagt: 4 minute(s), 45 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) -Combofix fjernet noe, men det hadde ingen virkning og rapporterte følgende: ComboFix 09-01-01.01 - Thorsen 2009-01-02 10:09:36.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2047.1369 [GMT 1:00] Kjører fra: c:\documents and settings\Thorsen\Skrivebord\ComboFix.exe Command switches brukt :: c:\documents and settings\Thorsen\Skrivebord\ComboFix.exe * Opprettet nytt gjenopprettingspunkt . Følgende filer ble deaktivert: c:\programfiler\Fellesfiler\Logitech\LVMVFM\LVPrcInj.dll ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\system32\drivers\npf.sys c:\windows\system32\mdm.exe c:\windows\system32\packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\wanpacket.dll c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-02 til 2009-01-02 ))))))))))))))))))))))))))))))))) . 2009-01-02 10:02 . 2009-01-02 10:03 <DIR> d-------- C:\32788R22FWJFW 2009-01-02 09:24 . 2009-01-02 09:26 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft 2009-01-01 22:15 . 2009-01-01 22:15 <DIR> d-------- c:\programfiler\TeaTimer (Spybot - Search & Destroy) 2009-01-01 22:15 . 2009-01-01 22:15 <DIR> d-------- c:\programfiler\SDHelper (Spybot - Search & Destroy) 2009-01-01 22:15 . 2009-01-01 22:15 <DIR> d-------- c:\programfiler\Misc. Support Library (Spybot - Search & Destroy) 2009-01-01 22:06 . 2009-01-01 22:06 <DIR> d-------- c:\documents and settings\All Users\Programdata\TEMP 2008-12-26 18:18 . 2008-12-26 18:19 16,608 --a------ c:\windows\gdrv.sys 2008-12-18 16:28 . 2008-12-18 16:27 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-16 11:29 . 2008-12-16 11:29 <DIR> d-------- c:\programfiler\MSECache 2008-12-13 00:32 . 2008-12-13 00:32 <DIR> d-------- c:\programfiler\Ventrilo 2008-12-13 00:32 . 2008-12-13 00:32 261 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini 2008-12-11 17:52 . 2008-12-11 17:52 <DIR> d-------- c:\windows\system32\no 2008-12-11 17:52 . 2008-12-11 17:52 <DIR> d-------- c:\windows\system32\bits 2008-12-11 17:52 . 2008-12-11 17:52 <DIR> d-------- c:\windows\l2schemas 2008-12-11 17:50 . 2008-12-11 17:52 <DIR> d-------- c:\windows\ServicePackFiles . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-02 09:21 78,932,000 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-01-02 09:20 --------- d-----w c:\documents and settings\Thorsen\Programdata\nView_Wallpaper 2009-01-02 09:18 0 ----a-w c:\windows\system32\drivers\lvuvc.hs 2009-01-02 09:15 940,556 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-01-02 08:25 --------- d-----w c:\documents and settings\Thorsen\Programdata\Lavasoft 2009-01-02 08:23 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2009-01-01 21:20 --------- d-----w c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy 2008-12-22 16:52 --------- d-----w c:\documents and settings\Thorsen\Programdata\Canon 2008-12-20 21:25 --------- d-----w c:\documents and settings\Thorsen\Programdata\AdobeUM 2008-12-18 15:27 --------- d-----w c:\programfiler\Java 2008-12-16 19:05 --------- d-----w c:\documents and settings\Thorsen\Programdata\gtk-2.0 2008-12-12 23:35 --------- d-----w c:\documents and settings\Thorsen\Programdata\Ventrilo 2008-12-11 17:14 --------- d-----w c:\programfiler\MSN Messenger 2008-11-07 20:14 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-11-07 20:13 --------- d-----w c:\programfiler\NVIDIA Corporation 2008-11-07 20:11 --------- d-----w c:\programfiler\NVIDIA nTune Performance Application 2007-07-20 22:01 0 ----a-w c:\documents and settings\Thorsen\bascom.exe . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PeerGuardian"="e:\andre nyttinge programmer\PeerGuardian2\pg2.exe" [2005-09-18 1421824] "MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "GCS"="e:\programfiler\GrabClipSave\GrabClipSave.exe" [2003-04-14 976896] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDrvEmulator"="c:\programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152] "ZoneAlarm Client"="c:\programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-18 136600] "RCSystem"="c:\programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "nod32kui"="c:\programfiler\Eset\nod32kui.exe" [2007-03-21 949376] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280] "LogonStudio"="e:\andre nyttinge programmer\LogonStudio\logonstudio.exe" [2002-09-03 987187] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952] "CTDVDDET"="c:\programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "Computer clean"="c:\deletetempfiles\Computer clean.bat" [2008-01-24 181] "Cobian Backup 8 interface"="e:\andre nyttinge programmer\Cobian Bacup\cbInterface.exe" [2007-03-20 2424320] "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "PtiuPbmd"="ulutil2.dll" [2003-11-05 c:\windows\system32\ulutil2.dll] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] "nForce Tray Options"="sstray.exe" [2003-08-13 c:\windows\system32\sstray.exe] "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE] "CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Thorsen\Start-meny\Programmer\Oppstart\ LCD Smartie.lnk - e:\andre nyttinge programmer\lcd_smartie_v5.4\LCDSmartie.exe [2007-03-18 1655808] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\windows\system32\logonuiX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "vidc.i420"= i420vfw.dll "msacm.ac3filter"= ac3filter.acm "msacm.divxa32"= divxa32.acm "aux2"= wdmaud.sys [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "usnjsvc"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"= "e:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"= "e:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "e:\\Spill\\Unreal Tournament 3\\Binaries\\UT3.exe"= "c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "c:\\Programfiler\\MSN Messenger\\livecall.exe"= "c:\\Programfiler\\Ventrilo\\Ventrilo.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "27270:TCP"= 27270:TCP:Scorheed "27271:UDP"= 27271:UDP:Schoreeed R0 bb-run;Promise driver accelerator;c:\windows\system32\drivers\bb-run.sys [2005-02-15 17408] R0 DontGo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\DontGo.sys [2005-02-15 7680] R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2003-04-28 116264] R0 SiFilter;SATALink driver accelerator;c:\windows\system32\DRIVERS\SiWinAcc.sys [2003-04-28 19240] R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2003-04-28 19240] R0 srescan;srescan;c:\windows\system32\ZoneLabs\srescan.sys [2008-08-02 51176] R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2005-02-15 125440] R1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2008-04-13 3026] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-03-18 15424] R1 truecrypt;truecrypt;c:\windows\system32\drivers\truecrypt.sys [2007-04-02 226496] R2 aslm75;aslm75;\??\c:\windows\system32\drivers\aslm75.sys [2006-09-06 6272] R2 Cadence License Manager;Cadence License Manager;e:\orcad_10\license_manager\lmgrd.exe [2007-01-27 608768] R2 CobBMService;Cobian Backup 8 service;e:\andre nyttinge programmer\Cobian Bacup\cbService.exe [2007-08-19 498176] R2 JavaQuickStarterService;Java Quick Starter;"c:\programfiler\Java\jre6\bin\jqs.exe" -service -config "c:\programfiler\Java\jre6\lib\deploy\jqs\jqs.conf" [2008-12-18 152984] R2 LVPrcSrv;Logitech Process Monitor;c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920] R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;e:\programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR [] R2 nTuneService;nTune Service;c:\programfiler\NVIDIA Corporation\nTune\nTuneService.exe /StartService [2007-09-04 131072] R2 NVSvc;NVIDIA Display Driver Service;c:\windows\system32\nvsvc32.exe [2006-08-11 159812] R2 UtMsgSvc;UtMsgAgt;"c:\programfiler\Promise\Promise Disk Controller Manager\UtMsgAgt.exe" [2004-09-22 229376] R3 ctac32k;Creative AC3 Software Decoder;c:\windows\system32\drivers\ctac32k.sys [2006-08-17 502272] R3 ctaud2k;Creative Audio Driver (WDM);c:\windows\system32\drivers\ctaud2k.sys [2006-08-17 500480] R3 ctprxy2k;Creative Proxy Driver;c:\windows\system32\drivers\ctprxy2k.sys [2006-08-17 7168] R3 ctsfm2k;Creative SoundFont Management Device Driver;c:\windows\system32\drivers\ctsfm2k.sys [2006-08-17 143872] R3 emupia;E-mu Plug-in Architecture Driver;c:\windows\system32\drivers\emupia2k.sys [2006-08-17 78336] R3 FilterService;UVC Filter Service;c:\windows\system32\DRIVERS\lvuvcflt.sys [2006-09-07 14080] R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-08-17 1110528] R3 lvpopflt;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopflt.sys [2006-09-07 2010240] R3 LVPrcMon;Logitech LVPrcMon Driver;\??\c:\windows\system32\drivers\LVPrcMon.sys [2005-12-09 16768] R3 LVUVC;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc.sys [2006-09-07 1103488] R3 mf;mf;c:\windows\system32\DRIVERS\mf.sys [2004-08-04 63744] R3 ms_mpu401;Microsoft MPU-401 MIDI UART-driver;c:\windows\system32\drivers\msmpu401.sys [2006-09-06 2944] R3 NVR0Dev;NVR0Dev;\??\c:\windows\nvoclock.sys [2007-09-04 29696] R3 ossrv;Creative OS Services Driver;c:\windows\system32\drivers\ctoss2k.sys [2006-08-17 116224] R3 pgfilter;pgfilter;\??\e:\andre nyttinge programmer\PeerGuardian2\pgfilter.sys [2006-12-17 5632] R3 UTDpcService;ULEVTBDG;\??\c:\programfiler\Promise\Promise Disk Controller Manager\ULEVTBDG.sys [2004-09-20 6656] R3 WinDriver6;WinDriver6;c:\windows\system32\drivers\windrvr6.sys [2006-09-12 253672] S1 STYLEXPHELPER;STYLEXPHELPER;\??\e:\andre nyttinge programmer\StyleBuilder\STYLEXPHELPER.EXE [] S2 DS1410D;DS1410D;c:\windows\system32\drivers\DS1410D.SYS [] S3 ctdvda2k;Creative DVD-Audio Device Driver;c:\windows\system32\drivers\ctdvda2k.sys [2005-07-13 340176] S3 gdrv;gdrv;\??\c:\windows\gdrv.sys [2008-12-26 16608] S3 matlabserver;MATLAB Server;e:\matlab71\webserver\bin\win32\matlabserver.exe [2006-01-09 536576] S3 msgame;Sidewinder HID to Joystick Port Enabler;c:\windows\system32\DRIVERS\msgame.sys [2007-10-29 35200] S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS);"c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [2007-02-10 29178224] S3 NdisIP;Microsoft TV/video-tilkobling;c:\windows\system32\DRIVERS\NdisIP.sys [2006-09-07 10880] S3 nvax;Service for NVIDIA® nForce Audio Enumerator;c:\windows\system32\drivers\nvax.sys [2006-09-06 36864] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver;c:\windows\system32\DRIVERS\NVENET.sys [2006-09-06 70656] S3 nvnforce;Service for NVIDIA® nForce Audio;c:\windows\system32\drivers\nvapu.sys [2006-09-06 311552] S3 SandraDataSrv;Sandra Data Service;e:\programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe [2006-09-07 119800] S3 SandraTheSrv;Sandra Service;e:\programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe [2006-09-07 1156096] S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\DRIVERS\sea3bus.sys [2007-01-26 61600] S3 SLIP;BDA Slip De-Framer;c:\windows\system32\DRIVERS\SLIP.sys [2006-09-07 11136] S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;e:\programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR [] S3 SQLWriter;SQL Server VSS Writer;"c:\programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 89968] S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2007-07-05 61504] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2007-07-05 9328] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2007-07-05 97056] S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2007-07-05 88560] S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2007-07-05 86368] S3 WINIO;WINIO;\??\c:\windows\system32\winio.sys [2008-02-12 41324] S4 MSSQLServerADHelper;SQL Server Active Directory Helper;"c:\programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [2005-10-14 45272] S4 msvsmon90;Visual Studio 2008 Remote Debugger;"e:\programfiler\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 [2007-07-06 2988888] S4 SQLBrowser;SQL Server Browser;"c:\programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [2007-02-10 242544] S4 WinVNC4;VNC Server Version 4;"e:\programfiler\RealVNC\VNC4\WinVNC4.exe" -service [2006-11-04 439248] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - i:\autorun\SPLASH.EXE \Shell\INSTALL\COMMAND - I:\SETUP.EXE . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-25 c:\windows\Tasks\Computer clean.job - c:\deletetempfiles\Computer clean.bat [2008-01-24 17:08] 2008-12-25 c:\windows\Tasks\Computer clean.job - c:\windows\Temp\*.* [2009-01-02 10:20] . - - - - TOMME PEKERE FJERNET - - - - HKLM-RunServices-scvhost - c:\config\scvhost.exe . ------- Tilleggsskanning ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = 127.0.0.1;localhost;2rzn uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Translate with ATLAS - e:\andre nyttinge programmer\Atlas\Atlscript.html IE: ATLAS Translation &Editor - e:\andre nyttinge programmer\Atlas\AtlscriptEdit.html IE: Save Flash - e:\programfiler\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 IE: {{B7707A72-4355-11D4-82BD-00000EBBEF8D} - e:\andre nyttinge programmer\Atlas\Atlscript.html LSP: imon.dll Trusted Zone: thyra.uis.no FF - ProfilePath - c:\documents and settings\Thorsen\Programdata\Mozilla\Firefox\Profiles\7pmny0xc.default\ FF - prefs.js: browser.startup.homepage - www.stavanger-aftenblad.no FF - component: e:\programfiler\Firefox2\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\WPF\NPWPF.dll FF - plugin: e:\programfiler\Firefox3\Mozilla Firefox\plugins\npnul32.dll FF - plugin: e:\programfiler\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: e:\programfiler\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: e:\programfiler\VideoLAN\VLC\npvlc.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-02 10:19:53 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\Network1-484763869-2000478354-682003330-1003\Software\Leaf\F0_00Œ0‹0‚0n0(*NULL*D*NULL*V*NULL*D*NULL*Hr)*NULL*] "InstallExe"="h:\\UtawaDVD\\???????DVD?\\utaware-dvd.exe" "InstallDir"="h:\\UtawaDVD\\???????DVD?\\" [HKEY_USERS\Network1-484763869-2000478354-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\Network1-484763869-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\S*NULL*P*NULL*O*NULL*R*NULL*E*NULL*"!] "Order"=hex:08,00,00,00,02,00,00,00,78,02,00,00,01,00,00,00,05,00,00,00,8e,00,\ 00,00,00,00,00,00,80,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6e,00,32,\ 00,7e,04,00,00,24,39,cb,63,20,00,41,56,49,4e,53,54,7e,31,2e,4c,4e,4b,00,00,\ 44,00,03,00,04,00,ef,be,24,39,cb,63,26,39,96,83,14,00,00,00,41,00,76,00,69,\ 00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,53,00,50,00,4f,00,\ 52,00,45,00,22,21,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\ be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,7a,00,00,00,01,00,00,00,6c,00,\ 00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5a,00,32,00,28,03,00,00,24,39,cb,\ 63,20,00,45,41,2d,68,6a,65,6c,70,2e,6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,\ 24,39,cb,63,26,39,96,83,14,00,00,00,45,00,41,00,2d,00,68,00,6a,00,65,00,6c,\ 00,70,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\ 00,00,1c,00,00,00,00,00,00,00,00,00,74,00,00,00,02,00,00,00,66,00,00,00,41,\ 75,67,4d,02,00,00,00,01,00,00,00,54,00,32,00,82,05,00,00,24,39,cb,63,20,00,\ 4c,65,73,4d,65,67,2e,6c,6e,6b,00,00,2c,00,03,00,04,00,ef,be,24,39,cb,63,26,\ 39,96,83,14,00,00,00,4c,00,65,00,73,00,4d,00,65,00,67,00,2e,00,6c,00,6e,00,\ 6b,00,00,00,1a,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1a,00,00,00,00,00,00,\ 00,00,00,7c,00,00,00,03,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,\ 00,00,5c,00,32,00,d4,02,00,00,24,39,cb,63,20,00,53,50,4f,52,45,43,7e,31,2e,\ 4c,4e,4b,00,00,32,00,03,00,04,00,ef,be,24,39,cb,63,26,39,96,83,14,00,00,00,\ 53,00,70,00,6f,00,72,00,65,00,2e,00,63,00,6f,00,6d,00,2e,00,6c,00,6e,00,6b,\ 00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,\ 00,00,74,00,00,00,04,00,00,00,66,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,\ 00,54,00,32,00,7a,02,00,00,24,39,cb,63,20,00,53,50,4f,52,45,7e,31,2e,4c,4e,\ 4b,00,2c,00,03,00,04,00,ef,be,24,39,cb,63,26,39,96,83,14,00,00,00,53,00,50,\ 00,4f,00,52,00,45,00,22,21,2e,00,6c,00,6e,00,6b,00,00,00,1a,00,0e,00,00,00,\ 0a,00,ef,be,00,00,00,00,1a,00,00,00,00,00,00,00,00,00 [HKEY_USERS\Network1-484763869-2000478354-682003330-1003\Software\SecuROM\License information*NULL*] "datasecu"=hex:34,fc,ed,d9,2e,98,32,af,aa,ea,ba,6e,c2,aa,fc,59,96,9f,45,6d,df,\ e6,af,54,dd,82,d5,f6,8e,96,92,8c,54,cd,3c,93,51,03,f9,c1,8b,c0,eb,6d,0e,d9,\ 4c,19,77,31,6c,1c,c8,98,bf,f8,6f,b5,69,a7,3f,ca,98,29,9e,f7,aa,a4,27,30,32,\ 93,34,fa,00,f5,c5,e5,8d,0d,1a,48,06,88,6f,f4,a7,be,7c,f8,68,29,ac,7d,d2,6d,\ 2f,65,cd,1a,67,60,4b,dd,26,40,e7,d4,a0,e1,ce,52,60,4b,d9,46,6e,c2,1a,a5,43,\ ad,bf,75,52,c7,f9,bf,42,20,9d,66,92,fa,99,f1,92,2e,ec,ea,f2,5a,59,06,38,b5,\ 8e,cf,f7,16,5b,30,ce,e6,61,fe,37,66,a1,5e,55,84,57,1b,2d,e2,c7,ca,60,f1,9a,\ 22,83,05,e4,bc,bd,a7,b9,16,8f,fd,d2,27,32,5a,67,72,8d,10,de,f4,f1,ef,37,eb,\ 45,f4,dd,a0,7a,f7,33,b5,ad,4a,ea,02,65,7d,7b,7a,af,02,fc,7d,d5,0a,ef,70,2e,\ fb,e0,81,e7,bf,56,40,5b,15,54,ad,19,79,fc,d5,cf,ce,0e,b9,ba,22,1a,a8,31,b5,\ 44,4f,e2,be,36,26,49,cd,f6,87,9f,f1,f6,d7,87,cc,cc,d7,98,65,de,1f,f1,38,8c,\ e5,24,31,87,42,cc,a5,fe,f3,bc,95,51,8a,10,6a,b3,51,80,8f,ea,80,9b,c7,d6,77,\ 3e,b5,76,3b,35,e8,d2,a2,44,8d,a0,e1,ff,ef,a7,ec,76,04,20,29,9e,85,dc,05,c5,\ 9c,22,36,31,dc,c7,6e,b4,7a,ee,b7,7e,b3,48,53,a4,96,82,e9,77,b1,f9,52,31,4e,\ b9,7c,37,b4,8b,a4,13,3c,10,67,20,45,a4,6f,06,68,91,d2,52,9a,d3,fd,09,18,c5,\ 91,e5,cf,d9,2d,ef,93,ca,41,ce,d4,53,5c,44,2f,6d,c9,cf,52,f6,27,e1,91,9b,1b,\ 13,10,b0,e1,62,ef,21,a9,dd,80,0b,21,27,8d,63,86,cb,e0,11,98,6c,ef,9a,7a,59,\ 36,a4,a8,71,7f,46,b0,69,f0,8b,85,1d,c5,d8,9e,f0,c5,f1,ba,1b,ae,b3,a8,79,a7,\ 65,97,b1,92,20,b7,1a,4d,d9,9b,b5,02,b6,b6,98,4c,06,28,a7,77,3d,db,ef,fd,11,\ bf,bd,6b,64,6b,b0,a0,26,f7,ef,11,ba,7f,d5,0d,b4,9a,b9,db,e1,0d,f7,a1,85,4b,\ 7a,20,97,72,46,aa,bd,7c,45,ab,af,6d,03,5e,42,83,0f,05,13,92,2d,e5,0e,7d,47,\ 8c,74,a9,1d,71,1e,fe,00,a8,24,a5,55,d9,76,ea,8b,63,f8,d7,25,a5,48,ec,fc,34,\ b3,c2,79,70,95,39,bc,a4,63,aa,84,c6,7c,3e,e7,2a,72,79,c0,ad,f6,f7,07,96,84,\ 49,54,21,9f,88,30,fa,83,a8,f0,cc,9e,f0,1b,cf,d4,83,5a,9e,73,3a,e7,37,8d,64,\ 43,08,f4,d5,aa,5d,43,33,76,c8,59,03,26,d7,6e,42,a4,7d,80,7f,9a,e7,39,09,a0,\ 9d,3f,d4,cf,61,f2,f0,c6,7f,d3,61,55,c7,5a,5a,7f,cc,f5,b2,b4,fc,d8,c3,06,85,\ 2e,c3,c6,3f,fc,6a,89,2f,39,41,78,7c,54,85,da,a7,a5,9f,c3,f6,38,03,84,f6,8d,\ 8f,4d,d6,29,36,e7,c7,0b,4b,4f,e4,65,8b,44,df,d7,df,06,45,d9,4c,de,5a,3f,3f,\ dd,ff,aa,71,62,39,2f,c2,d8,e7,1b,43,09,2c,21,12,67,2f,91,ae,25,70,0b,28,a2,\ 94,f1,e2,0e,81,bd,65,99,00,8a,e1,68,0e,d6,c0,9f,05,bd,46,2c,ca,cf,85,ce,28,\ 39,ae,47,7f,f9,7e,88,b8,f2,e8,f6,35,90,df,6a,64,81,85,58,c9,26,0e,94,af,8b,\ d0,01,63,de,a7,7f,94,6f,31,bd,e6,20,56,eb,4f,58,f5,35,50,5f,22,34,d9,2f,1a,\ 88,80,19,5a,53,3d,b0,dc,57,1a,94,4f,23,38,27,be,bf,79,e2,dd,f1,92,41,9e,99,\ 9e,08,69,38,4f,b2,49,1a,83,ce,f8,18,37,35,fb,71,97,ab,71,23,61,c9,23,78,e0,\ 72,f7,24,5c,6f,f1,e4,96,cf,cd,c8,12,6d,83,6b,34,48,7e,e0,aa,7f,84,42,45,59,\ d5,eb,c9,4d,35,53,66,1c,a8,9d,ca,71,97,d3,72,c3,44,21,dc,96,d0,de,47,46,6e,\ f3,78,d8,86,a9,c3,7b,8f,72,db,f2,5d,eb,77,1c,00,0c,e4,e2,bd,ac,df,88,62,ea,\ a2,d5,b7,1c,d5,e0,9d,2f,84,12,89,60,92,51,b0,84,e2,c4,5a,c0,89,30,75,72,58,\ 64,27,0b,79,da,0e,57,5a,58,e1,ea,b5,6d,79,f3,40,a1,55,c2,a3,c5,3f,ef,c3,47,\ dd,bf,44,80,44,8b,2a,3c,b9,64,cf,1c,5f,52,69,e5,85,9c,c0,87,79,40,90,0c,2b,\ 16,32,33,61,60,fc,7d,73,4d,6e,8e,b7,08,ea,7a,fb,24,f9,c0,0d,58,12,f4,b3,5d,\ 18,d6,7b,83,b2,c9,da,ac,c7,b4,05,6b,71,10,9a,c2,ad,a6,ea,27,5b,19,42,d1,30,\ 2e,47,71,69,09,ce,19,f8,aa,9d,35,65,a1,18,80,a6,9d,e4,16,3c,6c,0b,86,35,a6,\ dd,08,03,d8,7c,82,36,2c,9a,82,de,0a,86,19,b1,7b,dc,ca,ce,27,13,d1,77,4b,84,\ 57,e1,87,39,a8,83,42,e0,b5,b3,57,9e,f1,1f,c7,7e,44,a7,d7,e7,df,f6,23,e8,4b,\ 19,d4,86,f6,9b,79,43,e6,8d,d3,89,c8,1b,c6,80,fa,49,aa,62,0c,60,7a,0f,8e,b5,\ 4f,58,a2,5c,56,42,6e,d0,74,3a,ab,8f,c5,84,e3,a4,52,1d,54,4a,b9,9c,47,79,0b,\ 6e,4d,40,a1,6e,6a,30,c4,80,8b,34,71,bf,2c,6a,94,00,e8,27,e3,be,ba,fc,c7,0d,\ a6,20,2a,d0,c8,45,e6,39,44,30,30,90,a8,0c,05,54,ec,a2,1e,78,25,90,f7,f1,42,\ 93,44,a4,2f,42,1d,9c,8d,99,46,fb,24,06,ec,2c,b9,c5,a6,ad,96,0c,c0,f6,1c,7a,\ 86,fc,42,16,f2,02,27,88,dc,88,91,ac,40,83,c1,bd,10,73,ec,0b,bc,ea,07,4a,cc,\ 0d,b5,ef,c8,9f,6c,9f,cc,7b,7b,ee,5b,b2,47,38,72,57,a5,86,0d,47,31,8e,6d,6a,\ 8d,33,a5,1d,de,7c,99,9b,f8,5d,22,a4,eb,b8,d4,aa,fd,e3,38,bd,7a,46,4f,72,f0,\ b7,29,f0,e1,c8,70,a2,1b,c4,c8,39,62,69,6b,d7,78,63,1d,11,d5,1d,b3,df,ba,0c,\ 9e,6c,a7,72,69,7b,eb,80,ab,77,a8,4c,e3,51,cb,8e,72,0e,4e,d4,29,00,d2,b4,1e,\ 31,86,47,94,30,32,fd,0e,6c,ce,57,2a,f9,bb,f7,6d,c3,89,e1,e6,9b,7f,f7,88,6f,\ 00,33,9c,7e,7e,a2,eb,96,42,b8,a9,ec,1b,ee,a5,39,f7,0d,e4,60,ee,04,49,71,79,\ 23,ce,8f,31,b1,9a,0b,1e,d3,89,21,0e,9b,39,0a,ee,99,12,e6,a4,e8,57,88,e5,cf,\ 33,4d,cc,4d,a6,46,5e,b3,85,c6,34,65,90,3a,1d,28,7a,28,c9,fd,7a,e2,87,a9,2b,\ b7,ac,64,a0,75,8a,39,0b,a6,86,e2,91,b0,e4,5b,34,2b,69,f1,82,3e,f9,e9,65,70,\ cd,bb,7c,8d,fe,b4,86,9d,30,10,34,8d,10,1f,e9,9d,a2,b9,74,bf,ef,92,f5,fc,35,\ 3a,2e,8c,2d,c3,b9,36,f8,a0,4f,1d,af,4f,09,02,ce,b3,88,1e,8a,08,2f,5a,06,df,\ 62,5d,06,a0,c7,6e,ff,73,62,94,56,4c,c5,c7,0e,73,43,39,90,2d,4c,c3,a7,e2,52,\ 28,2d,08,f9,37,2e,2b,cd,72,06,0d,aa,0b,b9,83,a0,c8,e5,8a,71,b4,fb,37,a0,14,\ c3,c0,31,72,6f,09,ca,19,f4,e5,4f,6c,ba,c3,1c,a0,3d,be,2e,59,a8,8d,d3,ca,d1,\ 76,e3,74,8d,ca,fa,f2,44,a5,80,3b,1f,f5,61,57,f2,63,81,08,79,bb,47,5c,83,3e,\ 8b,1c,81,18,95,ef,5a,2c,57,87,54,58,2f,47,07,bf,65,dc,6c,2c,88,84,8f,67,da,\ 6f,77,e1,76,15,bb,7f,f8,90,12,24,f4,33,bb,a1,2a,e5,a5,10,ce,d5,17,d4,5d,07,\ 3c,e4,70,48,f6,ac,f0,ac,cb,35,7d,3f,02,2f,11,17,96,45,a4,94,f1,dd,07,c2,33,\ 44,de,24,2b,fc,a4,d6,72,9e,ef,d3,e1,89,3a,8e,39,bc,41,b1,72,0d,31,06,ff,58,\ b9,b7,83,ab,f2,9f,80,b7,0e,4b,48,2f,d7,51,01,7c,98,9a,4c,0e,90,cb,06,d3,7b,\ d3,34,6b,b7,24,78,20,c4,22,bb,60,65,7c,e1,87,6e,9a,0b,a8,ac,0f,e9,9b,00,c7,\ c7,4a,6a,ca,ca,9c,4f,71,4e,78,3e,a6,e2,14,14,2d,66,8c,1f,ad,21,cc,57,ce,99,\ 6f,98,c9,54,3d,09,d6,55,ef,8f,de,c5,1a,6e,81,0a,d9,1d,5e,37,c7,37,40,a6,a9,\ 1b,78,6e,65,77,73,28,cf,fd,b0,d6,14,8a,6d,06,ad,d6,6c,6b,33,ea,65,dc,55,52,\ bc,b3,da,3c,ff,81,ee,1e,ce,7e,2c,2c,5b,bd,82,28,ab,d1,a0,1a,d6,81,1c,98,ce,\ cc,36,7a,a3,d6,c9,e8,43,11,18,6b,2c,d6,ec,d5,44,c6,36,5a,06,b9,d7,29,70,95,\ b6,fc,b5,de,40,56,77,2f,65,7b,05,0f,bf,26,6a,da,38,ec,67,4b,83,cf,25,90,26,\ c6,a1,78,c5,80,04,1d,fe,7f,72,49,08,99,9d,9d,51,ee,25,f0,3d,f9,93,cf,4c,d6,\ 6f,f7,74,ee,77,ff "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\F0_00Œ0‹0‚0n0(*NULL*D*NULL*V*NULL*D*NULL*Hr)*NULL*] "SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\ 00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00 "Changed"=dword:00000000 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\F0_00Œ0‹0‚0n0(*NULL*D*NULL*V*NULL*D*NULL*Hr)*NULL*] "UninstallString"="h:\\UtawaDVD\\???????DVD?\\uninstall.exe" "DisplayName"="???????DVD?" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'lsass.exe'(860) c:\windows\system32\imon.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\system32\ZoneLabs\vsmon.exe e:\programfiler\Lavasoft\Ad-Aware\aawservice.exe c:\programfiler\Java\jre6\bin\jqs.exe e:\orcad_10\license_manager\cdslmd.exe e:\programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe c:\programfiler\ESET\nod32krn.exe c:\programfiler\NVIDIA Corporation\nTune\nTuneService.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\rundll32.exe c:\windows\system32\CTXFISPI.EXE c:\windows\system32\rundll32.exe e:\programfiler\Logitech\MouseWare\system\EM_EXEC.EXE . ************************************************************************** . Tidspunkt ferdig: 2009-01-02 10:27:18 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-01-02 09:27:10 Pre-Run: 22ÿ891ÿ790ÿ336 byte ledig Post-Run: 22,828,023,808 byte ledig WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer 602 --- E O F --- 2008-12-18 15:16:02 Så til slutt HJT logg. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:35:37, on 02.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe E:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe E:\OrCAD_10\license_manager\lmgrd.exe E:\Andre nyttinge programmer\Cobian Bacup\cbService.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\Eset\nod32krn.exe C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Promise\Promise Disk Controller Manager\UtMsgAgt.exe E:\OrCAD_10\license_manager\cdslmd.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe C:\Programfiler\Java\jre6\bin\jusched.exe C:\Programfiler\Eset\nod32kui.exe C:\WINDOWS\system32\sstray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE E:\Andre nyttinge programmer\Cobian Bacup\cbInterface.exe E:\Programfiler\Logitech\MouseWare\system\em_exec.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\WINDOWS\system32\RUNDLL32.EXE E:\Andre nyttinge programmer\PeerGuardian2\pg2.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe E:\Programfiler\GrabClipSave\GrabClipSave.exe C:\WINDOWS\system32\ctfmon.exe E:\Andre nyttinge programmer\lcd_smartie_v5.4\LCDSmartie.exe E:\Programfiler\Firefox2\Mozilla Firefox\firefox.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\NOTEPAD.EXE E:\Andre nyttinge programmer\HJT\noname.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - E:\Andre nyttinge programmer\Atlas\ATLIECP.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - E:\Andre nyttinge programmer\Atlas\ATLIECP.DLL O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RCSystem] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogonStudio] "E:\Andre nyttinge programmer\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [Computer clean] C:\deletetempfiles\Computer clean.bat O4 - HKLM\..\Run: [Cobian Backup 8 interface] "E:\Andre nyttinge programmer\Cobian Bacup\cbInterface.exe" -service O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [PeerGuardian] E:\Andre nyttinge programmer\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [GCS] "E:\Programfiler\GrabClipSave\GrabClipSave.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: LCD Smartie.lnk = E:\Andre nyttinge programmer\lcd_smartie_v5.4\LCDSmartie.exe O8 - Extra context menu item: &Translate with ATLAS - E:\Andre nyttinge programmer\Atlas\Atlscript.html O8 - Extra context menu item: ATLAS Translation &Editor - E:\Andre nyttinge programmer\Atlas\AtlscriptEdit.html O8 - Extra context menu item: Save Flash - res://E:\Programfiler\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - E:\Andre nyttinge programmer\Atlas\Atlscript.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - E:\Programfiler\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Cadence License Manager - GLOBEtrotter Software Inc. - E:\OrCAD_10\license_manager\lmgrd.exe O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - E:\Andre nyttinge programmer\Cobian Bacup\cbService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - E:\MATLAB71\webserver\bin\win32\matlabserver.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programfiler\WinPcap\rpcapd.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe O23 - Service: UtMsgAgt (UtMsgSvc) - Promise Technology Inc. - C:\Programfiler\Promise\Promise Disk Controller Manager\UtMsgAgt.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9942 bytes Setter pris på om noen kunne tatt seg tid til å se gjennom dette Lenke til kommentar
snippsat Skrevet 3. januar 2009 Del Skrevet 3. januar 2009 (endret) Last ned kjør CCleaner 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t. Kjør register-renser "svar ja til og reparere" --> backup svar ja når du blir spørt. Kjør register-renser et par ganger til alle feil er borte. Last ned OTViewIt til skrivebordet. Steng alle vinduer dobbelklikk på OTviewlt. Merk av på "scan all user" boks. KLikk på "Run Scan" la programmet kjøre. Ferdig vil den lage to logger,post OTViewIt.txt og Extras.txt i din neste post. Det samme resultat. google.no google.com IE og firefox. Laste ned siden og se på kildekoden til siden er en mulighet. http://blog.trendmicro.com/fake-google-web...and-an-im-worm/ Endret 3. januar 2009 av SNIPPSAT Lenke til kommentar
Thorsen Skrevet 3. januar 2009 Forfatter Del Skrevet 3. januar 2009 OTViewIt.txt Klikk for å se/fjerne spoilerteksten nedenfor OTViewIt logfile created on: 03.01.2009 12:52:33 - Run OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Thorsen\Skrivebord Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 64,93% Memory free 3,90 Gb Paging File | 3,34 Gb Available in Paging File | 85,65% Paging File free Paging file location(s): C:\pagefile.sys 2100 2100; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler Drive C: | 58,59 Gb Total Space | 22,75 Gb Free Space | 38,83% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 94,78 Gb Total Space | 46,26 Gb Free Space | 48,81% Space Free | Partition Type: NTFS Drive F: | 232,88 Gb Total Space | 73,18 Gb Free Space | 31,42% Space Free | Partition Type: NTFS Drive G: | 76,68 Gb Total Space | 31,65 Gb Free Space | 41,27% Space Free | Partition Type: NTFS Drive H: | 153,38 Gb Total Space | 50,70 Gb Free Space | 33,05% Space Free | Partition Type: NTFS Drive I: | 1,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive J: | 1,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive K: | 6,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive L: | 195,31 Gb Total Space | 28,00 Gb Free Space | 14,34% Space Free | Partition Type: NTFS Drive M: | 24,40 Gb Total Space | 16,82 Gb Free Space | 68,91% Space Free | Partition Type: FAT32 Computer Name: 2RZN Current User Name: Thorsen Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== Processes ========== [2008.07.09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008.09.10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- E:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe [2002.08.09 08:20:02 | 00,608,768 | ---- | M] (GLOBEtrotter Software Inc.) -- E:\OrCAD_10\license_manager\lmgrd.exe [2007.03.20 23:35:44 | 00,498,176 | ---- | M] (Luis Cobian) -- E:\Andre nyttinge programmer\Cobian Bacup\cbService.exe [2008.12.18 16:27:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jqs.exe [2007.03.21 23:11:50 | 00,552,064 | ---- | M] (Eset ) -- C:\Programfiler\ESET\nod32krn.exe [2007.09.04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe [2008.05.16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe [2005.01.28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [2004.09.22 16:06:56 | 00,229,376 | ---- | M] (Promise Technology Inc.) -- C:\Programfiler\Promise\Promise Disk Controller Manager\UtMsgAgt.exe [2003.01.28 18:15:04 | 00,746,496 | ---- | M] () -- E:\OrCAD_10\license_manager\cdslmd.exe [2005.06.16 17:25:28 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe [2008.07.09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe [2008.12.18 16:27:52 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jusched.exe [2006.08.17 10:28:14 | 00,729,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE [2007.03.21 23:11:50 | 00,949,376 | ---- | M] (Eset ) -- C:\Programfiler\ESET\nod32kui.exe [2003.08.13 05:25:56 | 00,073,728 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\sstray.exe [2005.12.09 14:32:18 | 00,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE [2008.04.14 17:23:08 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe [2006.08.17 10:32:10 | 00,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE [2006.08.17 10:32:04 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE [2003.06.18 00:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe [2007.03.20 23:35:38 | 02,424,320 | ---- | M] (Luis Cobian) -- E:\Andre nyttinge programmer\Cobian Bacup\cbInterface.exe [2003.12.18 08:50:00 | 00,038,912 | ---- | M] (Logitech Inc.) -- E:\Programfiler\Logitech\MouseWare\system\EM_EXEC.EXE [2002.12.06 15:07:48 | 00,617,984 | ---- | M] () -- C:\Program Files\ASUS\Probe\AsusProb.exe [2008.04.14 17:23:08 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe [2005.09.18 18:40:42 | 01,421,824 | ---- | M] (Methlabs) -- E:\Andre nyttinge programmer\PeerGuardian2\pg2.exe [2007.01.19 12:54:44 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\msnmsgr.exe [2003.04.14 08:15:04 | 00,976,896 | ---- | M] ([LoL]Boumchalak) -- E:\Programfiler\GrabClipSave\GrabClipSave.exe [2007.03.18 07:15:26 | 01,655,808 | ---- | M] (SourceForge.net) -- E:\Andre nyttinge programmer\lcd_smartie_v5.4\LCDSmartie.exe [2007.01.19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\usnsvc.exe [2008.12.19 14:06:05 | 07,678,568 | ---- | M] (Mozilla Corporation) -- E:\Programfiler\Firefox2\Mozilla Firefox\firefox.exe [2009.01.03 12:52:02 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thorsen\Skrivebord\OTViewIt.exe ========== (O23) Win32 Services ========== [2008.09.10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- E:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running]) [2007.06.08 09:20:32 | 00,034,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2002.08.09 08:20:02 | 00,608,768 | ---- | M] (GLOBEtrotter Software Inc.) -- E:\OrCAD_10\license_manager\lmgrd.exe -- (Cadence License Manager [Auto | Running]) [2007.06.08 09:20:50 | 00,069,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2007.03.20 23:35:44 | 00,498,176 | ---- | M] (Luis Cobian) -- E:\Andre nyttinge programmer\Cobian Bacup\cbService.exe -- (CobBMService [Auto | Running]) [2007.06.06 08:24:56 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) [2007.01.04 02:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) [2005.04.03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) [2007.06.06 22:54:10 | 00,843,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) [2008.12.18 16:27:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) [2005.12.09 14:37:42 | 00,081,920 | ---- | M] (Logitech Inc.) -- c:\Programfiler\Fellesfiler\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [On_Demand | Stopped]) [2005.07.27 11:53:00 | 00,536,576 | ---- | M] () -- E:\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver [On_Demand | Stopped]) [2002.12.17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- E:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped]) [2007.02.10 14:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [On_Demand | Stopped]) [2005.10.14 11:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped]) [2007.07.06 05:00:46 | 02,988,888 | ---- | M] (Microsoft Corporation) -- E:\Programfiler\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped]) [2007.06.06 22:54:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) [2007.03.21 23:11:50 | 00,552,064 | ---- | M] (Eset ) -- C:\Programfiler\ESET\nod32krn.exe -- (NOD32krn [Auto | Running]) [2007.09.04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running]) [2008.05.16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [2006.10.26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) [2003.06.13 13:20:56 | 00,081,920 | ---- | M] (NetGroup - Politecnico di Torino) -- C:\Programfiler\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped]) [2006.08.01 17:13:52 | 00,119,800 | ---- | M] (SiSoftware) -- E:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv [On_Demand | Stopped]) [2006.08.01 17:11:44 | 01,156,096 | ---- | M] (SiSoftware) -- E:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe -- (SandraTheSrv [On_Demand | Stopped]) [2002.12.17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- E:\Programfiler\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped]) [2007.02.10 14:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped]) [2007.02.10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped]) [2005.01.28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running]) [2007.01.19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running]) [2004.09.22 16:06:56 | 00,229,376 | ---- | M] (Promise Technology Inc.) -- C:\Programfiler\Promise\Promise Disk Controller Manager\UtMsgAgt.exe -- (UtMsgSvc [Auto | Running]) [2008.07.09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running]) [2006.05.12 15:04:08 | 00,439,248 | ---- | M] (RealVNC Ltd.) -- E:\Programfiler\RealVNC\VNC4\winvnc4.exe -- (WinVNC4 [Disabled | Stopped]) ========== Driver Services ========== [2004.04.30 08:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus [boot | Running]) [2004.04.30 08:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi [boot | Running]) [2008.04.14 16:39:22 | 00,041,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [system | Running]) [2007.03.21 23:11:51 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running]) [1997.04.22 09:16:00 | 00,006,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75 [Auto | Running]) [2008.04.13 19:40:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [boot | Running]) [2003.11.05 09:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run [boot | Running]) [2006.08.17 10:14:24 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running]) [2006.08.17 10:17:10 | 00,500,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running]) [2006.08.17 10:23:00 | 00,340,176 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped]) [2006.08.17 10:17:12 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running]) [2006.08.17 10:14:42 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running]) [2004.06.29 15:25:26 | 00,007,680 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\DontGo.sys -- (DontGo [boot | Running]) [2006.08.17 10:14:38 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running]) [1999.10.21 08:12:52 | 00,020,400 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH [On_Demand | Stopped]) [2005.12.06 04:28:38 | 00,014,080 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Running]) [2008.04.13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Stopped]) [2008.12.26 18:19:15 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped]) [2006.08.17 10:16:32 | 01,110,528 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k [On_Demand | Running]) [2008.01.11 23:04:08 | 00,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped]) [2008.04.13 17:35:27 | 00,003,026 | ---- | M] (Logix4u) -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface [system | Running]) [2007.07.19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [system | Running]) [2003.12.11 10:50:00 | 00,025,630 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2 [On_Demand | Running]) [2003.12.11 10:50:00 | 00,037,916 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb [On_Demand | Running]) [2003.12.11 10:50:00 | 00,070,894 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running]) [2005.12.09 14:35:54 | 02,174,464 | ---- | M] () -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap [On_Demand | Running]) [2005.12.09 14:37:42 | 02,400,256 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv [On_Demand | Running]) [2005.12.06 04:26:54 | 02,010,240 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Running]) [2005.12.09 14:37:42 | 00,016,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon [On_Demand | Stopped]) [2005.12.06 04:26:16 | 00,039,424 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running]) [2005.12.06 04:28:33 | 01,103,488 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Running]) [2008.04.13 19:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys -- (mf [On_Demand | Running]) [2001.08.17 22:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame [On_Demand | Stopped]) [2001.08.17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running]) [2007.03.21 23:11:50 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [system | Running]) [2008.05.16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running]) [2003.08.13 02:45:00 | 00,036,864 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Stopped]) [2003.06.06 23:53:16 | 00,070,656 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET [On_Demand | Stopped]) [2003.08.13 02:45:00 | 00,311,552 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Stopped]) [2007.09.04 19:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Running]) [2003.03.19 08:51:00 | 00,018,688 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [boot | Running]) [2006.08.17 10:15:00 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running]) [2006.03.02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2008.02.23 03:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running]) [2007.01.26 19:05:32 | 00,061,600 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sea3bus.sys -- (sea3bus [On_Demand | Stopped]) [2007.11.13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running]) [2007.08.29 03:04:04 | 00,116,264 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (si3112r [boot | Running]) [2007.08.29 03:04:04 | 00,019,240 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [boot | Running]) [2007.08.29 03:04:04 | 00,019,240 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc [boot | Running]) [2006.10.19 15:58:37 | 00,611,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running]) [2008.02.27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [boot | Running]) [2008.02.15 23:15:33 | 00,226,496 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt [system | Running]) [2004.12.13 12:28:04 | 00,125,440 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ulsata2.sys -- (ulsata2 [boot | Running]) [2008.04.13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running]) [2004.09.20 14:54:04 | 00,006,656 | ---- | M] (Promise Technology, Inc.) -- C:\Programfiler\Promise\Promise Disk Controller Manager\ULEVTBDG.sys -- (UTDpcService [On_Demand | Running]) [2008.07.09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [system | Running]) [2006.11.07 08:42:16 | 00,061,504 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus [On_Demand | Stopped]) [2006.11.07 08:42:22 | 00,009,328 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w200mdfl.sys -- (w200mdfl [On_Demand | Stopped]) [2006.11.07 08:42:24 | 00,097,056 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w200mdm.sys -- (w200mdm [On_Demand | Stopped]) [2006.11.07 08:42:28 | 00,088,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w200mgmt.sys -- (w200mgmt [On_Demand | Stopped]) [2006.11.07 08:42:30 | 00,086,368 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w200obex.sys -- (w200obex [On_Demand | Stopped]) [2003.05.21 17:58:18 | 00,253,672 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6 [On_Demand | Running]) [2001.11.13 09:47:26 | 00,041,324 | ---- | M] () -- C:\WINDOWS\system32\winio.sys -- (WINIO [On_Demand | Stopped]) [2006.03.02 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running]) [2007.11.29 10:28:00 | 00,285,824 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running]) [2005.09.18 18:02:52 | 00,005,632 | ---- | M] () -- E:\Andre nyttinge programmer\PeerGuardian2\pgfilter.sys -- (pgfilter [On_Demand | Running]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Extensions Off Page"=about:NoAdd-ons "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Search_URL"=http://www.google.com/ie "Local Page"=C:\WINDOWS\system32\blank.htm "Page_Transitions"= "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] ""=http://www.google.com/search?q=%s [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 "ProxyOverride" = 127.0.0.1;localhost;2rzn [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-21-484763869-2000478354-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Search_URL"=http://www.google.com/ie "Local Page"=C:\WINDOWS\system32\blank.htm "Page_Transitions"= "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome [HKEY_USERS\S-1-5-21-484763869-2000478354-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL] ""=http://www.google.com/search?q=%s [HKEY_USERS\S-1-5-21-484763869-2000478354-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-484763869-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 "ProxyOverride" = 127.0.0.1;localhost;2rzn ========== (O1) Hosts File ========== HOSTS File = (720 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) {3C6301ED-0F78-4AF2-8150-D9C052361A8E} (HKLM) -- E:\Andre nyttinge programmer\Atlas\ATLIECP.DLL (FUJITSU LIMITED) {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- E:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Programfiler\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) {7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Programfiler\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{3C6301ED-0F78-4AF2-8150-D9C052361A8E}" (HKLM) -- E:\Andre nyttinge programmer\Atlas\ATLIECP.DLL (FUJITSU LIMITED) ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe () "AudioDrvEmulator"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" (Creative Technology Ltd.) "Cobian Backup 8 interface"="E:\Andre nyttinge programmer\Cobian Bacup\cbInterface.exe" -service (Luis Cobian) "Computer clean"=C:\deletetempfiles\Computer clean.bat () "CTDVDDET"="C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" (Creative Technology Ltd) "CTHelper"=CTHELPER.EXE (Creative Technology Ltd) "CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd) "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation) "Logitech Utility"=Logi_MwX.Exe (Logitech Inc.) "LogonStudio"="E:\Andre nyttinge programmer\LogonStudio\logonstudio.exe" /RANDOM (Stardock and Luca Saggese) "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC () "nForce Tray Options"=sstray.exe /r (NVIDIA Corporation) "nod32kui"="C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE (Eset ) "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) "nwiz"=nwiz.exe /install () "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation) "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation) "PtiuPbmd"=Rundll32.exe ulutil2.dll,SetWriteBack (Promise Technology,Inc.) "RCSystem"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup (Creative Technology Ltd.) "SunJavaUpdateSched"="C:\Programfiler\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) "ZoneAlarm Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GCS"="E:\Programfiler\GrabClipSave\GrabClipSave.exe" ([LoL]Boumchalak) "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation) "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA) "PeerGuardian"=E:\Andre nyttinge programmer\PeerGuardian2\pg2.exe (Methlabs) [HKEY_USERS\S-1-5-21-484763869-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GCS"="E:\Programfiler\GrabClipSave\GrabClipSave.exe" ([LoL]Boumchalak) "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation) "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA) "PeerGuardian"=E:\Andre nyttinge programmer\PeerGuardian2\pg2.exe (Methlabs) ========== (O4) Startup Folders ========== [2007.03.18 07:15:26 | 01,655,808 | ---- | M] (SourceForge.net) -- C:\Documents and Settings\Thorsen\Start-meny\Programmer\Oppstart\LCD Smartie.lnk = E:\Andre nyttinge programmer\lcd_smartie_v5.4\LCDSmartie.exe ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableRegistryTools"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 "NoDriveAutoRun"=67108863 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 "NoDriveAutoRun"=67108863 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-21-484763869-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] &Translate with ATLAS: E:\Andre nyttinge programmer\Atlas\atlscript.html [2005.04.19 11:18:20 | 00,000,230 | ---- | M] () ATLAS Translation &Editor: E:\Andre nyttinge programmer\Atlas\AtlscriptEdit.html [2005.09.08 18:56:08 | 00,000,229 | ---- | M] () Save Flash: E:\Programfiler\UnH Solutions\Flash Saving Plugin\FlashSButton.dll [2005.04.30 13:53:32 | 00,180,224 | ---- | M] (UnH Solutions) [HKEY_USERS\S-1-5-21-484763869-2000478354-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\] &Translate with ATLAS: E:\Andre nyttinge programmer\Atlas\atlscript.html [2005.04.19 11:18:20 | 00,000,230 | ---- | M] () ATLAS Translation &Editor: E:\Andre nyttinge programmer\Atlas\AtlscriptEdit.html [2005.09.08 18:56:08 | 00,000,229 | ---- | M] () Save Flash: E:\Programfiler\UnH Solutions\Flash Saving Plugin\FlashSButton.dll [2005.04.30 13:53:32 | 00,180,224 | ---- | M] (UnH Solutions) ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {B7707A72-4355-11D4-82BD-00000EBBEF8D}: Button: ATLAS Translation -- E:\Andre nyttinge programmer\Atlas\atlscript.html [2005.04.19 11:18:20 | 00,000,230 | ---- | M] () {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- E:\Programfiler\Spybot - Search & Destroy\SDHelper.dll [2008.08.14 13:39:52 | 01,562,448 | ---- | M] (Safer Networking Limited) {e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\ClsidExtension [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-21-484763869-2000478354-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\ClsidExtension [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 49 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] uis.no\thyra: https in My Computer 58 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 50 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 50 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 33 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 33 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-21-484763869-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] uis.no\thyra: https in My Computer 58 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_15 {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06 {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08 {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09 {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10 {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11 {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01 {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02 {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03 {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04 {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class ========== (O17) DNS Name Servers ========== {0F67B75F-2D65-40B8-B9B3-3A57341CE2F7} (Servers: | Description: ) {54742289-4226-49D7-92A9-DB39844BBCA8} (Servers: | Description: NVIDIA nForce MCP Networking Controller) {6DA673B9-0D90-4736-9EE3-5425C2A44CCB} (Servers: | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) {74F6BD33-0ED9-4C60-9C0E-1D04E25B3F85} (Servers: | Description: 1394-nettverkskort) {8DE751F8-329D-4E3F-8B18-4EA32C522C96} (Servers: | Description: ) ========== (O20) HKLM Winlogon Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "UIHost"=C:\WINDOWS\system32\logonuiX.exe >[2008.07.20 15:45:21 | 01,804,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonuiX.exe ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2006.09.06 19:33:57 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] AUTORUN.INF [[autorun] | open=AUTORUN.EXE | icon=uta256.ico | ] [2003.12.11 16:00:00 | 00,000,046 | R--- | M] () -- I:\AUTORUN.INF -- [ CDFS ] AutoRun.exe [MZ | ] [2003.12.11 16:00:00 | 00,049,152 | R--- | M] () -- I:\AutoRun.exe -- [ CDFS ] AUTORUN.INF [[autorun] | OPEN=AUTORUN.EXE | ICON=GAME.ico | ] [2003.08.20 06:25:27 | 00,000,044 | R--- | M] () -- J:\AUTORUN.INF -- [ CDFS ] AutoRun.exe [MZ | ] [2003.12.24 09:16:34 | 00,049,152 | R--- | M] () -- J:\AutoRun.exe -- [ CDFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell\AutoRun\command] ""=I:\AUTORUN\SPLASH.EXE -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell\INSTALL\COMMAND] ""=I:\SETUP.EXE -- [2003.12.11 16:00:00 | 00,200,704 | R--- | M] () ========== Files/Folders - Created Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2009.01.03 12:52:06 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thorsen\Skrivebord\OTViewIt.exe [2009.01.03 12:38:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Thorsen\Mine dokumenter\CCregsikkerhetskopier [2009.01.03 12:32:22 | 03,165,824 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Thorsen\Skrivebord\ccsetup215.exe [2009.01.02 15:29:39 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009.01.02 10:35:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Thorsen\Programdata\Malwarebytes [2009.01.02 10:35:12 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009.01.02 10:35:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009.01.02 10:35:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Malwarebytes [2009.01.02 10:34:37 | 02,539,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Thorsen\Skrivebord\mbam-setup.exe [2009.01.02 10:07:50 | 00,000,223 | ---- | C] () -- C:\Boot.bak [2009.01.02 10:07:47 | 00,260,272 | ---- | C] () -- C:\cmldr [2009.01.02 10:07:45 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009.01.02 10:04:22 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009.01.02 10:04:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009.01.02 10:04:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009.01.02 10:04:21 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe [2009.01.02 10:04:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009.01.02 10:04:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009.01.02 10:04:21 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe [2009.01.02 10:04:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009.01.02 10:04:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009.01.02 10:03:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009.01.02 10:03:21 | 00,000,000 | ---D | C] -- C:\Qoobox [2009.01.02 10:02:46 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009.01.02 09:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Lavasoft [2009.01.02 09:21:28 | 23,804,784 | ---- | C] () -- C:\Documents and Settings\Thorsen\Skrivebord\aaw2008.exe [2009.01.01 22:15:39 | 14,968,808 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Thorsen\Skrivebord\spybotsd160.exe [2009.01.01 22:15:25 | 00,000,000 | ---D | C] -- C:\Programfiler\SDHelper (Spybot - Search & Destroy) [2009.01.01 22:15:25 | 00,000,000 | ---D | C] -- C:\Programfiler\Misc. Support Library (Spybot - Search & Destroy) [2009.01.01 22:15:24 | 00,000,000 | ---D | C] -- C:\Programfiler\TeaTimer (Spybot - Search & Destroy) [2009.01.01 22:06:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\TEMP [2009.01.01 22:02:15 | 02,869,536 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Thorsen\Skrivebord\spywareblastersetup41.exe [2008.12.16 11:29:27 | 00,000,000 | ---D | C] -- C:\Programfiler\MSECache [2008.12.15 13:23:44 | 00,000,718 | ---- | C] () -- C:\Documents and Settings\Thorsen\Skrivebord\WiresharkPortable.exe.lnk [2008.12.13 00:32:55 | 00,000,000 | ---D | C] -- C:\Programfiler\Ventrilo [2008.12.13 00:32:49 | 00,000,261 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008.12.11 18:10:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2008.12.11 17:52:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\no [2008.12.11 17:52:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2008.12.11 17:52:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2008.12.11 17:50:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2008.12.11 17:38:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2009.01.03 12:52:17 | 81,100,832 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009.01.03 12:52:02 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thorsen\Skrivebord\OTViewIt.exe [2009.01.03 12:40:38 | 00,000,558 | ---- | M] () -- C:\Documents and Settings\Thorsen\Mine dokumenter\Mine delte mapper.lnk [2009.01.03 12:32:31 | 03,165,824 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Thorsen\Skrivebord\ccsetup215.exe [2009.01.03 12:23:52 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009.01.03 12:08:48 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\Thorsen\Start-meny\Programmer\Oppstart\LCD Smartie.lnk [2009.01.03 12:08:16 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini [2009.01.03 12:08:10 | 00,181,672 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009.01.03 12:07:49 | 00,005,754 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009.01.03 11:41:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.01.03 11:41:45 | 00,352,921 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2009.01.03 11:41:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.01.03 11:41:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2009.01.03 02:13:19 | 00,964,676 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009.01.03 02:13:19 | 00,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000005-00211102}.rfx [2009.01.03 02:13:19 | 00,054,692 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000005-00211102}.rfx [2009.01.03 02:13:19 | 00,054,692 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000005-00211102}.rfx [2009.01.03 02:13:19 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2009.01.03 02:13:19 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2009.01.02 17:27:11 | 00,000,720 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009.01.02 16:41:07 | 00,001,813 | ---- | M] () -- C:\WINDOWS\pstudio.ini [2009.01.02 10:34:40 | 02,539,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Thorsen\Skrivebord\mbam-setup.exe [2009.01.02 10:20:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009.01.02 10:07:50 | 00,000,293 | RHS- | M] () -- C:\boot.ini [2009.01.02 09:23:07 | 23,804,784 | ---- | M] () -- C:\Documents and Settings\Thorsen\Skrivebord\aaw2008.exe [2009.01.02 00:42:49 | 00,002,720 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2009.01.01 22:16:43 | 14,968,808 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Thorsen\Skrivebord\spybotsd160.exe [2009.01.01 22:02:33 | 02,869,536 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Thorsen\Skrivebord\spywareblastersetup41.exe [2008.12.31 02:24:23 | 00,206,336 | ---- | M] () -- C:\Documents and Settings\Thorsen\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.25 05:00:50 | 00,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Computer clean.job [2008.12.18 19:43:09 | 00,000,429 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2008.12.17 14:30:56 | 00,394,680 | ---- | M] () -- C:\Documents and Settings\Thorsen\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT [2008.12.17 12:12:42 | 01,286,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.12.15 13:23:44 | 00,000,718 | ---- | M] () -- C:\Documents and Settings\Thorsen\Skrivebord\WiresharkPortable.exe.lnk [2008.12.13 07:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2008.12.13 07:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2008.12.13 00:32:58 | 00,000,261 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008.12.11 20:24:50 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Thorsen\Mine dokumenter\Forslag til andre.doc [2008.12.11 18:13:18 | 00,509,622 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat [2008.12.11 18:13:18 | 00,506,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2008.12.11 18:13:18 | 00,105,442 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat [2008.12.11 18:13:17 | 00,096,866 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2008.12.11 18:13:16 | 01,237,622 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008.12.11 18:11:40 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2008.12.11 17:48:37 | 00,250,560 | RHS- | M] () -- C:\ntldr [2008.12.10 15:32:07 | 00,002,353 | ---- | M] () -- C:\Documents and Settings\Thorsen\Skrivebord\Microsoft Word.lnk [2008.12.09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008.12.08 18:10:45 | 00,003,842 | -H-- | M] () -- C:\Documents and Settings\Thorsen\Mine dokumenter\Default.rdp < End of report > Extras.txt Klikk for å se/fjerne spoilerteksten nedenfor OTViewIt Extras logfile created on: 03.01.2009 12:52:33 - Run OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Thorsen\Skrivebord Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 64,93% Memory free 3,90 Gb Paging File | 3,34 Gb Available in Paging File | 85,65% Paging File free Paging file location(s): C:\pagefile.sys 2100 2100; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler Drive C: | 58,59 Gb Total Space | 22,75 Gb Free Space | 38,83% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 94,78 Gb Total Space | 46,26 Gb Free Space | 48,81% Space Free | Partition Type: NTFS Drive F: | 232,88 Gb Total Space | 73,18 Gb Free Space | 31,42% Space Free | Partition Type: NTFS Drive G: | 76,68 Gb Total Space | 31,65 Gb Free Space | 41,27% Space Free | Partition Type: NTFS Drive H: | 153,38 Gb Total Space | 50,70 Gb Free Space | 33,05% Space Free | Partition Type: NTFS Drive I: | 1,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive J: | 1,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive K: | 6,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive L: | 195,31 Gb Total Space | 28,00 Gb Free Space | 14,34% Space Free | Partition Type: NTFS Drive M: | 24,40 Gb Total Space | 16,82 Gb Free Space | 68,91% Space Free | Partition Type: FAT32 Computer Name: 2RZN Current User Name: Thorsen Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Programfiler\Firefox2\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 "AntiVirusDisableNotify"=0 "FirewallDisableNotify"=0 "UpdatesDisableNotify"=0 "AntiVirusOverride"=0 "FirewallOverride"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=0 "DisableNotifications"=0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008.04.14 17:23:10 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2006.08.01 17:11:40 | 00,644,104 | ---- | M] (SiSoftware) -- E:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe:*:Enabled:SiSoftware Sandra Lite [2006.08.01 17:11:44 | 01,156,096 | ---- | M] (SiSoftware) -- E:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite [2006.08.01 17:13:52 | 00,119,800 | ---- | M] (SiSoftware) -- E:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite File not found -- C:\Programfiler\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2005.01.25 15:19:38 | 00,028,672 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\updates.exe:*:Enabled:updates (OrCAD 15.7 Demo) [2006.05.22 16:10:18 | 00,012,288 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsdoc.exe:*:Enabled:cdsdoc (OrCAD 15.7 Demo) [2006.01.23 09:30:56 | 00,098,304 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsinfo.exe:*:Enabled:cdsinfo (OrCAD 15.7 Demo) [2006.02.03 10:17:24 | 00,007,680 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsmps.exe:*:Enabled:cdsmps (OrCAD 15.7 Demo) [2006.02.03 10:17:30 | 00,016,384 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsMsgServer.exe:*:Enabled:cdsMsgServer (OrCAD 15.7 Demo) [2006.02.03 10:16:16 | 00,045,056 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsNameServer.exe:*:Enabled:cdsNameServer (OrCAD 15.7 Demo) [2006.01.23 09:31:00 | 00,032,768 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsOaPathUtil.exe:*:Enabled:cdsOaPathUtil (OrCAD 15.7 Demo) [2006.02.03 10:16:52 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsRemshClient.exe:*:Enabled:cdsRemshClient (OrCAD 15.7 Demo) [2006.02.03 10:17:26 | 00,005,632 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsRunHidden.exe:*:Enabled:cdsRunHidden (OrCAD 15.7 Demo) [2006.01.30 23:22:16 | 00,065,536 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsServIpc.exe:*:Enabled:cdsServIpc (OrCAD 15.7 Demo) [2006.01.23 09:31:00 | 00,151,552 | ---- | M] (DataFocus, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsUnzip.exe:*:Enabled:cdsUnzip (OrCAD 15.7 Demo) [2006.01.23 09:30:56 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdswhich.exe:*:Enabled:cdswhich (OrCAD 15.7 Demo) [2006.01.23 09:31:00 | 00,135,168 | ---- | M] (DataFocus, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsZip.exe:*:Enabled:cdsZip (OrCAD 15.7 Demo) [2006.01.23 09:30:56 | 00,015,360 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cds_root.exe:*:Enabled:cds_root (OrCAD 15.7 Demo) [2006.01.23 09:30:58 | 00,069,632 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\clsAdminTool.exe:*:Enabled:clsAdminTool (OrCAD 15.7 Demo) [2006.01.23 09:31:00 | 00,061,440 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\clsbd.exe:*:Enabled:clsbd (OrCAD 15.7 Demo) [2006.01.15 22:07:20 | 00,009,728 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\clu.exe:*:Enabled:clu (OrCAD 15.7 Demo) [2006.07.25 12:32:18 | 01,638,400 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cmfeedback.exe:*:Enabled:cmfeedback (OrCAD 15.7 Demo) [2006.07.25 12:36:40 | 13,455,360 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\consmgr.exe:*:Enabled:consmgr (OrCAD 15.7 Demo) [2006.01.23 09:30:56 | 00,057,344 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\dregprint.exe:*:Enabled:dregprint (OrCAD 15.7 Demo) [2006.01.23 09:31:02 | 00,090,112 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\emsMkError.exe:*:Enabled:emsMkError (OrCAD 15.7 Demo) [2006.02.03 10:16:36 | 00,008,192 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\mpsinfo.exe:*:Enabled:mpsinfo (OrCAD 15.7 Demo) [2006.01.23 09:31:02 | 00,032,768 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\msgHelp.exe:*:Enabled:msgHelp (OrCAD 15.7 Demo) [2006.01.23 09:30:56 | 00,143,360 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\nmp.exe:*:Enabled:nmp (OrCAD 15.7 Demo) [2006.01.23 09:30:58 | 00,151,552 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\nmppath.exe:*:Enabled:nmppath (OrCAD 15.7 Demo) [2006.05.22 10:15:04 | 00,008,704 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\obServer.exe:*:Enabled:obServer (OrCAD 15.7 Demo) [2006.04.10 08:21:48 | 00,065,536 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\switchversion.exe:*:Enabled:switchversion (OrCAD 15.7 Demo) [2006.01.15 22:10:16 | 00,659,456 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\van.exe:*:Enabled:van (OrCAD 15.7 Demo) [2006.06.07 15:55:18 | 00,049,152 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\versionviewer.exe:*:Enabled:versionviewer (OrCAD 15.7 Demo) [2006.08.17 15:36:40 | 08,908,800 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\capture.exe:*:Enabled:capture (OrCAD 15.7 Demo) [2001.09.04 12:59:22 | 00,048,849 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\comp16.exe:*:Enabled:comp16 (OrCAD 15.7 Demo) [2006.05.29 00:00:30 | 00,245,760 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\pcadi.exe:*:Enabled:pcadi (OrCAD 15.7 Demo) [2006.05.28 22:08:16 | 00,118,784 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 15.7 Demo) [2006.05.28 21:05:48 | 00,184,320 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\pstswp.exe:*:Enabled:pstswp (OrCAD 15.7 Demo) [2000.07.21 08:15:12 | 00,037,136 | ---- | M] (Microsoft Corporation) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 15.7 Demo) [2006.08.07 13:51:52 | 02,031,616 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\sch2cap.exe:*:Enabled:sch2cap (OrCAD 15.7 Demo) [2006.05.22 08:38:48 | 00,004,528 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\SETBROWS.EXE:*:Enabled:SETBROWS (OrCAD 15.7 Demo) [2006.05.23 09:13:26 | 19,050,496 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\tutorial\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (OrCAD 15.7 Demo) [2006.05.22 14:29:36 | 00,589,890 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\cdsdoc\bin\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 15.7 Demo) [2006.05.22 10:15:04 | 00,151,552 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\cdsdoc\bin\obServer.exe:*:Enabled:obServer (OrCAD 15.7 Demo) [2006.01.30 23:21:50 | 00,536,576 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\dfII\bin\skill.exe:*:Enabled:skill (OrCAD 15.7 Demo) [2006.01.30 23:21:48 | 00,962,560 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\dfII\bin\skill_g.exe:*:Enabled:skill_g (OrCAD 15.7 Demo) [2006.05.22 22:48:30 | 00,094,208 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\bodygen.exe:*:Enabled:bodygen (OrCAD 15.7 Demo) [2006.05.28 21:51:24 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\cpmaccess.exe:*:Enabled:cpmaccess (OrCAD 15.7 Demo) [2006.05.28 21:51:34 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\libaccess.exe:*:Enabled:libaccess (OrCAD 15.7 Demo) [2006.05.22 19:02:24 | 01,261,568 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\lrm.exe:*:Enabled:lrm (OrCAD 15.7 Demo) [2006.05.22 18:43:56 | 00,005,632 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\mkdefcfg.exe:*:Enabled:mkdefcfg (OrCAD 15.7 Demo) [2006.05.22 21:03:26 | 00,188,416 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\newgenasym.exe:*:Enabled:newgenasym (OrCAD 15.7 Demo) [2006.05.22 20:55:22 | 00,176,128 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\pcbCache.exe:*:Enabled:pcbCache (OrCAD 15.7 Demo) [2006.06.07 15:41:06 | 01,540,096 | ---- | M] (Cadence Design Systems Inc) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\projmgr.exe:*:Enabled:projmgr (OrCAD 15.7 Demo) [2006.06.06 11:22:22 | 01,585,152 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\psetup.exe:*:Enabled:psetup (OrCAD 15.7 Demo) [2006.05.22 19:04:24 | 01,593,344 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\purge.exe:*:Enabled:purge (OrCAD 15.7 Demo) [2006.06.01 19:26:52 | 00,131,072 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\QPSetup.exe:*:Enabled:QPSetup (OrCAD 15.7 Demo) [2006.05.22 19:05:36 | 01,368,064 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\rollback.exe:*:Enabled:rollback (OrCAD 15.7 Demo) [2006.06.01 19:08:38 | 00,049,152 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\UniversalBrowser.exe:*:Enabled:UniversalBrowser (OrCAD 15.7 Demo) [2006.05.22 18:41:54 | 00,004,608 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\versiontool.exe:*:Enabled:versiontool (OrCAD 15.7 Demo) [2004.09.28 18:29:28 | 00,045,161 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\java.exe:*:Enabled:java (OrCAD 15.7 Demo) [2004.09.28 18:29:34 | 00,045,163 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\javaw.exe:*:Enabled:javaw (OrCAD 15.7 Demo) [2004.09.28 19:26:02 | 00,016,501 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\jpicpl32.exe:*:Enabled:jpicpl32 (OrCAD 15.7 Demo) [2004.09.28 19:26:04 | 00,241,777 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\jucheck.exe:*:Enabled:jucheck (OrCAD 15.7 Demo) [2004.09.28 19:26:04 | 00,032,881 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\jusched.exe:*:Enabled:jusched (OrCAD 15.7 Demo) [2004.09.28 18:43:46 | 00,045,185 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\keytool.exe:*:Enabled:keytool (OrCAD 15.7 Demo) [2004.09.28 18:44:12 | 00,045,181 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\kinit.exe:*:Enabled:kinit (OrCAD 15.7 Demo) [2004.09.28 18:44:20 | 00,045,181 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\klist.exe:*:Enabled:klist (OrCAD 15.7 Demo) [2004.09.28 18:44:26 | 00,045,179 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\ktab.exe:*:Enabled:ktab (OrCAD 15.7 Demo) [2004.09.28 19:01:54 | 00,045,204 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\orbd.exe:*:Enabled:orbd (OrCAD 15.7 Demo) [2004.09.28 18:44:06 | 00,045,191 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\policytool.exe:*:Enabled:policytool (OrCAD 15.7 Demo) [2004.09.28 18:58:34 | 00,045,179 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\rmid.exe:*:Enabled:rmid (OrCAD 15.7 Demo) [2004.09.28 18:58:20 | 00,045,191 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\rmiregistry.exe:*:Enabled:rmiregistry (OrCAD 15.7 Demo) [2004.09.28 19:02:00 | 00,045,216 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\servertool.exe:*:Enabled:servertool (OrCAD 15.7 Demo) [2004.09.28 19:02:12 | 00,045,206 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\tnameserv.exe:*:Enabled:tnameserv (OrCAD 15.7 Demo) [2004.09.28 19:17:08 | 00,135,168 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\javaws\javaws.exe:*:Enabled:javaws (OrCAD 15.7 Demo) [2006.07.28 12:39:08 | 08,486,912 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\a2dxf.exe:*:Enabled:a2dxf (OrCAD 15.7 Demo) [2006.08.15 11:48:50 | 22,540,288 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\allegro.exe:*:Enabled:allegro (OrCAD 15.7 Demo) [2006.06.13 12:20:28 | 09,875,456 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\allegro_free_viewer.exe:*:Enabled:allegro_free_viewer (OrCAD 15.7 Demo) [2006.07.18 11:49:46 | 08,691,712 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\artwork.exe:*:Enabled:artwork (OrCAD 15.7 Demo) [2006.06.13 12:22:56 | 00,815,104 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\batch_drc.exe:*:Enabled:batch_drc (OrCAD 15.7 Demo) [2006.06.13 12:23:04 | 08,351,744 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\bbvia.exe:*:Enabled:bbvia (OrCAD 15.7 Demo) [2006.06.13 12:23:18 | 01,019,904 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\bem2d.exe:*:Enabled:bem2d (OrCAD 15.7 Demo) [2006.06.13 12:25:12 | 08,347,648 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\cns_report.exe:*:Enabled:cns_report (OrCAD 15.7 Demo) [2006.06.13 12:25:48 | 08,351,744 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\create_devices.exe:*:Enabled:create_devices (OrCAD 15.7 Demo) [2006.06.13 12:26:00 | 08,372,224 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\create_sym.exe:*:Enabled:create_sym (OrCAD 15.7 Demo) [2006.08.15 11:50:18 | 08,740,864 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbdoctor.exe:*:Enabled:dbdoctor (OrCAD 15.7 Demo) [2003.02.04 13:20:02 | 05,656,647 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbdoctor14.exe:*:Enabled:dbdoctor14 (OrCAD 15.7 Demo) [2006.06.13 12:26:22 | 00,819,200 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbdoctor_ui.exe:*:Enabled:dbdoctor_ui (OrCAD 15.7 Demo) [1997.06.12 14:07:24 | 01,510,400 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbfix11.exe:*:Enabled:dbfix11 (OrCAD 15.7 Demo) [1998.06.22 15:00:16 | 01,793,536 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbfix12.exe:*:Enabled:dbfix12 (OrCAD 15.7 Demo) [2000.01.05 10:10:28 | 04,762,112 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbfix13.exe:*:Enabled:dbfix13 (OrCAD 15.7 Demo) [2006.06.13 12:26:42 | 08,355,840 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbstat.exe:*:Enabled:dbstat (OrCAD 15.7 Demo) [2006.06.13 12:26:56 | 09,244,672 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dfa_dlg.exe:*:Enabled:dfa_dlg (OrCAD 15.7 Demo) [2006.06.13 12:27:12 | 08,949,760 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dfa_update.exe:*:Enabled:dfa_update (OrCAD 15.7 Demo) [2005.06.03 16:18:08 | 06,377,541 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\downrev14.exe:*:Enabled:downrev14 (OrCAD 15.7 Demo) [2006.06.13 12:28:12 | 08,347,648 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\downrev_library.exe:*:Enabled:downrev_library (OrCAD 15.7 Demo) [2006.06.13 12:28:26 | 09,363,456 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\draw_check.exe:*:Enabled:draw_check (OrCAD 15.7 Demo) [2006.06.13 12:28:42 | 08,744,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dump_libraries.exe:*:Enabled:dump_libraries (OrCAD 15.7 Demo) [2006.07.11 13:02:22 | 09,498,624 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dxf2a.exe:*:Enabled:dxf2a (OrCAD 15.7 Demo) [2006.06.13 12:29:18 | 00,221,184 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\ecl_schedule.exe:*:Enabled:ecl_schedule (OrCAD 15.7 Demo) [2006.06.13 12:29:24 | 01,175,552 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\enved.exe:*:Enabled:enved (OrCAD 15.7 Demo) [2006.06.13 12:29:56 | 00,204,800 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\explot.exe:*:Enabled:explot (OrCAD 15.7 Demo) [2006.06.13 12:30:02 | 10,932,224 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\extracta.exe:*:Enabled:extracta (OrCAD 15.7 Demo) [2006.06.13 12:30:26 | 08,347,648 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\flash_convert.exe:*:Enabled:flash_convert (OrCAD 15.7 Demo) [2006.06.13 12:30:52 | 00,872,448 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\fpbrowse.exe:*:Enabled:fpbrowse (OrCAD 15.7 Demo) [2006.06.13 11:30:58 | 02,879,488 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\FSvia.exe:*:Enabled:FSvia (OrCAD 15.7 Demo) [2006.06.13 11:31:10 | 00,118,784 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\FSviaSolver.exe:*:Enabled:FSviaSolver (OrCAD 15.7 Demo) [2006.06.13 12:31:04 | 09,056,256 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\gbplot.exe:*:Enabled:gbplot (OrCAD 15.7 Demo) [2006.07.25 12:36:54 | 11,997,184 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\genfeedformat.exe:*:Enabled:genfeedformat (OrCAD 15.7 Demo) [2006.06.13 12:31:36 | 09,035,776 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\genrad.exe:*:Enabled:genrad (OrCAD 15.7 Demo) [2006.06.13 12:31:46 | 11,120,640 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\gloss.exe:*:Enabled:gloss (OrCAD 15.7 Demo) [2006.08.04 13:51:24 | 09,457,664 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\idf_in.exe:*:Enabled:idf_in (OrCAD 15.7 Demo) [2006.06.13 12:32:38 | 08,421,376 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\idf_out.exe:*:Enabled:idf_out (OrCAD 15.7 Demo) [2006.06.13 12:32:52 | 09,609,216 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\iges_in.exe:*:Enabled:iges_in (OrCAD 15.7 Demo) [2006.06.13 12:33:04 | 08,544,256 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\iges_out.exe:*:Enabled:iges_out (OrCAD 15.7 Demo) [2006.06.13 12:33:16 | 00,946,176 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\il_allegro.exe:*:Enabled:il_allegro (OrCAD 15.7 Demo) [2006.06.13 12:33:22 | 08,368,128 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\ipc356_out.exe:*:Enabled:ipc356_out (OrCAD 15.7 Demo) [2006.06.13 11:56:36 | 00,013,312 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\j2script.exe:*:Enabled:j2script (OrCAD 15.7 Demo) [2006.07.10 13:41:30 | 09,650,176 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\l2a.exe:*:Enabled:l2a (OrCAD 15.7 Demo) [2006.06.13 12:34:26 | 10,100,736 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\mbs2lib.exe:*:Enabled:mbs2lib (OrCAD 15.7 Demo) [2006.06.13 12:36:02 | 00,249,856 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\ncroute.exe:*:Enabled:ncroute (OrCAD 15.7 Demo) [2006.06.13 12:36:08 | 00,290,816 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\nctape.exe:*:Enabled:nctape (OrCAD 15.7 Demo) [2006.07.14 12:39:12 | 09,551,872 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\netin.exe:*:Enabled:netin (OrCAD 15.7 Demo) [2006.08.15 11:48:24 | 11,202,560 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\netrev.exe:*:Enabled:netrev (OrCAD 15.7 Demo) [2006.06.13 12:37:08 | 08,921,088 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\pads_in.exe:*:Enabled:pads_in (OrCAD 15.7 Demo) [2006.06.13 12:36:52 | 09,183,232 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\pad_designer.exe:*:Enabled:pad_designer (OrCAD 15.7 Demo) [2006.06.13 12:37:26 | 09,371,648 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\parallel.exe:*:Enabled:parallel (OrCAD 15.7 Demo) [2006.06.13 12:37:46 | 08,904,704 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\pcad_in.exe:*:Enabled:pcad_in (OrCAD 15.7 Demo) [1999.02.09 12:33:30 | 00,204,560 | ---- | M] (Microsoft Corporation) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\pe_wordpad.exe:*:Enabled:pe_wordpad (OrCAD 15.7 Demo) [2006.06.13 12:38:02 | 09,486,336 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\placement.exe:*:Enabled:placement (OrCAD 15.7 Demo) [2006.06.13 12:38:16 | 08,355,840 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\plctxt.exe:*:Enabled:plctxt (OrCAD 15.7 Demo) [2006.06.13 12:38:28 | 00,180,224 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\pre_check.exe:*:Enabled:pre_check (OrCAD 15.7 Demo) [2006.06.13 12:06:02 | 00,290,816 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\productServer.exe:*:Enabled:productServer (OrCAD 15.7 Demo) [2006.06.13 12:38:52 | 08,962,048 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\qvupdate.exe:*:Enabled:qvupdate (OrCAD 15.7 Demo) [2006.06.13 12:39:16 | 08,425,472 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\refresh_padstack.exe:*:Enabled:refresh_padstack (OrCAD 15.7 Demo) [2006.07.18 11:53:32 | 08,441,856 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\refresh_symbol.exe:*:Enabled:refresh_symbol (OrCAD 15.7 Demo) [2006.06.26 11:36:20 | 08,519,680 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\refresh_vs.exe:*:Enabled:refresh_vs (OrCAD 15.7 Demo) [2006.06.13 12:39:54 | 09,375,744 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\reftxt.exe:*:Enabled:reftxt (OrCAD 15.7 Demo) [2006.07.28 12:40:36 | 10,956,800 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\report.exe:*:Enabled:report (OrCAD 15.7 Demo) [2006.08.04 13:39:12 | 14,073,856 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\specctra.exe:*:Enabled:specctra (OrCAD 15.7 Demo) [2006.06.30 11:06:34 | 12,574,720 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\spif.exe:*:Enabled:spif (OrCAD 15.7 Demo) [2006.06.13 12:42:24 | 10,633,216 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\spif_batch.exe:*:Enabled:spif_batch (OrCAD 15.7 Demo) [2006.06.13 12:43:00 | 09,420,800 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\swap.exe:*:Enabled:swap (OrCAD 15.7 Demo) [2006.06.13 12:43:20 | 09,420,800 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\systemdump.exe:*:Enabled:systemdump (OrCAD 15.7 Demo) [2006.06.13 12:17:00 | 00,151,552 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\sys_root.exe:*:Enabled:sys_root (OrCAD 15.7 Demo) [2006.07.14 12:43:18 | 09,596,928 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\techfile.exe:*:Enabled:techfile (OrCAD 15.7 Demo) [2001.01.23 22:04:40 | 05,040,128 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\techfile13.exe:*:Enabled:techfile13 (OrCAD 15.7 Demo) [2002.04.03 13:30:04 | 05,808,200 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\techfile14.exe:*:Enabled:techfile14 (OrCAD 15.7 Demo) [2006.06.13 12:18:06 | 01,171,456 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\tlp2.exe:*:Enabled:tlp2 (OrCAD 15.7 Demo) [2006.06.13 12:44:12 | 00,196,608 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\uprev.exe:*:Enabled:uprev (OrCAD 15.7 Demo) [2006.06.13 12:44:18 | 08,364,032 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\zrouter.exe:*:Enabled:zrouter (OrCAD 15.7 Demo) [1996.08.13 07:22:44 | 00,065,024 | ---- | M] (hip communications inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\perl5\bin\perl.exe:*:Enabled:perl (OrCAD 15.7 Demo) [1996.08.13 07:22:00 | 00,022,016 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\perl5\bin\perlglob.exe:*:Enabled:perlglob (OrCAD 15.7 Demo) [1996.08.13 07:22:08 | 00,032,256 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\perl5\ntt\cmd32.exe:*:Enabled:cmd32 (OrCAD 15.7 Demo) [2006.08.08 11:03:06 | 00,028,672 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\IndiceFileGeneration.exe:*:Enabled:IndiceFileGeneration (OrCAD 15.7 Demo) [2006.06.07 13:45:28 | 07,819,264 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\Magneticdesigner.exe:*:Enabled:Magneticdesigner (OrCAD 15.7 Demo) [2006.06.02 15:23:54 | 02,691,072 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\modeled.exe:*:Enabled:modeled (OrCAD 15.7 Demo) [2006.08.08 10:51:50 | 00,098,304 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\MrkSrvr.exe:*:Enabled:MrkSrvr (OrCAD 15.7 Demo) [2006.08.08 10:46:18 | 03,899,392 | ---- | M] (Cadence Design Systems) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\pspice.exe:*:Enabled:pspice (OrCAD 15.7 Demo) [2006.08.02 14:13:36 | 03,350,528 | ---- | M] (Cadence Design Systems) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\pspiceaa.exe:*:Enabled:pspiceaa (OrCAD 15.7 Demo) [2006.08.08 13:32:14 | 00,110,592 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\PSpiceEnc.exe:*:Enabled:PSpiceEnc (OrCAD 15.7 Demo) [2006.05.28 22:08:16 | 00,118,784 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 15.7 Demo) [2006.08.08 11:01:36 | 00,032,768 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\psp_cmd.exe:*:Enabled:psp_cmd (OrCAD 15.7 Demo) [2000.07.21 08:15:12 | 00,037,136 | ---- | M] (Microsoft Corporation) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 15.7 Demo) [2006.08.08 11:02:36 | 01,564,672 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\simmgr.exe:*:Enabled:simmgr (OrCAD 15.7 Demo) [2006.08.08 11:02:22 | 00,225,280 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\simsrvr.exe:*:Enabled:simsrvr (OrCAD 15.7 Demo) [2006.06.02 15:16:48 | 01,953,792 | ---- | M] (Cadence Design System) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\stmed.exe:*:Enabled:stmed (OrCAD 15.7 Demo) [2006.08.04 13:39:12 | 14,073,856 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\specctra\bin\specctra.exe:*:Enabled:specctra (OrCAD 15.7 Demo) [2006.05.22 14:29:34 | 00,589,890 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\bin\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 15.7 Demo) [2006.05.22 14:29:32 | 01,835,008 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\bin\merge.exe:*:Enabled:merge (OrCAD 15.7 Demo) [2006.05.22 14:29:32 | 01,921,024 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\bin\mkvdk.exe:*:Enabled:mkvdk (OrCAD 15.7 Demo) [2006.05.22 10:15:54 | 02,560,054 | ---- | M] (Verity, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\bin\search.exe:*:Enabled:search (OrCAD 15.7 Demo) [2006.05.22 10:15:54 | 00,774,144 | ---- | M] (Verity, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\bin\setup.exe:*:Enabled:setup (OrCAD 15.7 Demo) [2006.05.22 10:15:54 | 00,069,632 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\bin\v_uninst.exe:*:Enabled:v_uninst (OrCAD 15.7 Demo) [2006.05.22 10:15:56 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\callback.exe:*:Enabled:callback (OrCAD 15.7 Demo) [2006.05.22 10:15:58 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\filter.exe:*:Enabled:filter (OrCAD 15.7 Demo) [2006.05.22 10:16:00 | 00,053,248 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\htmlini.exe:*:Enabled:htmlini (OrCAD 15.7 Demo) [2006.05.22 10:16:00 | 00,110,592 | ---- | M] (Verity, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\htmserv.exe:*:Enabled:htmserv (OrCAD 15.7 Demo) [2006.05.22 10:16:00 | 00,028,672 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\index.exe:*:Enabled:index (OrCAD 15.7 Demo) [2006.05.22 10:16:00 | 00,036,864 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\jstree.exe:*:Enabled:jstree (OrCAD 15.7 Demo) [2006.05.22 10:16:00 | 00,036,864 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\jvtree.exe:*:Enabled:jvtree (OrCAD 15.7 Demo) [2006.05.22 10:16:02 | 00,028,672 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\kvoop.exe:*:Enabled:kvoop (OrCAD 15.7 Demo) [2006.05.22 10:16:04 | 00,037,136 | ---- | M] (Microsoft Corporation) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 15.7 Demo) [2006.05.22 10:16:04 | 00,032,768 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\summary.exe:*:Enabled:summary (OrCAD 15.7 Demo) [2006.05.22 10:16:08 | 01,054,720 | ---- | M] (Microsoft Corporation) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\viewers\amovie.exe:*:Enabled:amovie (OrCAD 15.7 Demo) [2000.06.06 23:26:16 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\specctra\bin\specctra.com:*:Enabled:specctra (OrCAD 15.7 Demo) [2007.01.19 12:54:44 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 [2007.01.04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2008.04.14 17:23:10 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2006.08.01 17:11:40 | 00,644,104 | ---- | M] (SiSoftware) -- E:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe:*:Enabled:SiSoftware Sandra Lite [2006.08.01 17:11:44 | 01,156,096 | ---- | M] (SiSoftware) -- E:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite [2006.08.01 17:13:52 | 00,119,800 | ---- | M] (SiSoftware) -- E:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger [2008.04.14 17:22:51 | 00,769,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Fjernhjelp - Windows Messenger og Stemme [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2005.01.25 15:19:38 | 00,028,672 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\updates.exe:*:Enabled:updates (OrCAD 15.7 Demo) [2006.05.22 16:10:18 | 00,012,288 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsdoc.exe:*:Enabled:cdsdoc (OrCAD 15.7 Demo) [2006.01.23 09:30:56 | 00,098,304 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsinfo.exe:*:Enabled:cdsinfo (OrCAD 15.7 Demo) [2006.02.03 10:17:24 | 00,007,680 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsmps.exe:*:Enabled:cdsmps (OrCAD 15.7 Demo) [2006.02.03 10:17:30 | 00,016,384 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsMsgServer.exe:*:Enabled:cdsMsgServer (OrCAD 15.7 Demo) [2006.02.03 10:16:16 | 00,045,056 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsNameServer.exe:*:Enabled:cdsNameServer (OrCAD 15.7 Demo) [2006.01.23 09:31:00 | 00,032,768 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsOaPathUtil.exe:*:Enabled:cdsOaPathUtil (OrCAD 15.7 Demo) [2006.02.03 10:16:52 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsRemshClient.exe:*:Enabled:cdsRemshClient (OrCAD 15.7 Demo) [2006.02.03 10:17:26 | 00,005,632 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsRunHidden.exe:*:Enabled:cdsRunHidden (OrCAD 15.7 Demo) [2006.01.30 23:22:16 | 00,065,536 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsServIpc.exe:*:Enabled:cdsServIpc (OrCAD 15.7 Demo) [2006.01.23 09:31:00 | 00,151,552 | ---- | M] (DataFocus, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsUnzip.exe:*:Enabled:cdsUnzip (OrCAD 15.7 Demo) [2006.01.23 09:30:56 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdswhich.exe:*:Enabled:cdswhich (OrCAD 15.7 Demo) [2006.01.23 09:31:00 | 00,135,168 | ---- | M] (DataFocus, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cdsZip.exe:*:Enabled:cdsZip (OrCAD 15.7 Demo) [2006.01.23 09:30:56 | 00,015,360 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cds_root.exe:*:Enabled:cds_root (OrCAD 15.7 Demo) [2006.01.23 09:30:58 | 00,069,632 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\clsAdminTool.exe:*:Enabled:clsAdminTool (OrCAD 15.7 Demo) [2006.01.23 09:31:00 | 00,061,440 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\clsbd.exe:*:Enabled:clsbd (OrCAD 15.7 Demo) [2006.01.15 22:07:20 | 00,009,728 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\clu.exe:*:Enabled:clu (OrCAD 15.7 Demo) [2006.07.25 12:32:18 | 01,638,400 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\cmfeedback.exe:*:Enabled:cmfeedback (OrCAD 15.7 Demo) [2006.07.25 12:36:40 | 13,455,360 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\consmgr.exe:*:Enabled:consmgr (OrCAD 15.7 Demo) [2006.01.23 09:30:56 | 00,057,344 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\dregprint.exe:*:Enabled:dregprint (OrCAD 15.7 Demo) [2006.01.23 09:31:02 | 00,090,112 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\emsMkError.exe:*:Enabled:emsMkError (OrCAD 15.7 Demo) [2006.02.03 10:16:36 | 00,008,192 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\mpsinfo.exe:*:Enabled:mpsinfo (OrCAD 15.7 Demo) [2006.01.23 09:31:02 | 00,032,768 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\msgHelp.exe:*:Enabled:msgHelp (OrCAD 15.7 Demo) [2006.01.23 09:30:56 | 00,143,360 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\nmp.exe:*:Enabled:nmp (OrCAD 15.7 Demo) [2006.01.23 09:30:58 | 00,151,552 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\nmppath.exe:*:Enabled:nmppath (OrCAD 15.7 Demo) [2006.05.22 10:15:04 | 00,008,704 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\obServer.exe:*:Enabled:obServer (OrCAD 15.7 Demo) [2006.04.10 08:21:48 | 00,065,536 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\switchversion.exe:*:Enabled:switchversion (OrCAD 15.7 Demo) [2006.01.15 22:10:16 | 00,659,456 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\van.exe:*:Enabled:van (OrCAD 15.7 Demo) [2006.06.07 15:55:18 | 00,049,152 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\bin\versionviewer.exe:*:Enabled:versionviewer (OrCAD 15.7 Demo) [2006.08.17 15:36:40 | 08,908,800 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\capture.exe:*:Enabled:capture (OrCAD 15.7 Demo) [2001.09.04 12:59:22 | 00,048,849 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\comp16.exe:*:Enabled:comp16 (OrCAD 15.7 Demo) [2006.05.29 00:00:30 | 00,245,760 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\pcadi.exe:*:Enabled:pcadi (OrCAD 15.7 Demo) [2006.05.28 22:08:16 | 00,118,784 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 15.7 Demo) [2006.05.28 21:05:48 | 00,184,320 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\pstswp.exe:*:Enabled:pstswp (OrCAD 15.7 Demo) [2000.07.21 08:15:12 | 00,037,136 | ---- | M] (Microsoft Corporation) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 15.7 Demo) [2006.08.07 13:51:52 | 02,031,616 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\sch2cap.exe:*:Enabled:sch2cap (OrCAD 15.7 Demo) [2006.05.22 08:38:48 | 00,004,528 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\SETBROWS.EXE:*:Enabled:SETBROWS (OrCAD 15.7 Demo) [2006.05.23 09:13:26 | 19,050,496 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\capture\tutorial\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (OrCAD 15.7 Demo) [2006.05.22 14:29:36 | 00,589,890 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\cdsdoc\bin\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 15.7 Demo) [2006.05.22 10:15:04 | 00,151,552 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\cdsdoc\bin\obServer.exe:*:Enabled:obServer (OrCAD 15.7 Demo) [2006.01.30 23:21:50 | 00,536,576 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\dfII\bin\skill.exe:*:Enabled:skill (OrCAD 15.7 Demo) [2006.01.30 23:21:48 | 00,962,560 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\dfII\bin\skill_g.exe:*:Enabled:skill_g (OrCAD 15.7 Demo) [2006.05.22 22:48:30 | 00,094,208 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\bodygen.exe:*:Enabled:bodygen (OrCAD 15.7 Demo) [2006.05.28 21:51:24 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\cpmaccess.exe:*:Enabled:cpmaccess (OrCAD 15.7 Demo) [2006.05.28 21:51:34 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\libaccess.exe:*:Enabled:libaccess (OrCAD 15.7 Demo) [2006.05.22 19:02:24 | 01,261,568 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\lrm.exe:*:Enabled:lrm (OrCAD 15.7 Demo) [2006.05.22 18:43:56 | 00,005,632 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\mkdefcfg.exe:*:Enabled:mkdefcfg (OrCAD 15.7 Demo) [2006.05.22 21:03:26 | 00,188,416 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\newgenasym.exe:*:Enabled:newgenasym (OrCAD 15.7 Demo) [2006.05.22 20:55:22 | 00,176,128 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\pcbCache.exe:*:Enabled:pcbCache (OrCAD 15.7 Demo) [2006.06.07 15:41:06 | 01,540,096 | ---- | M] (Cadence Design Systems Inc) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\projmgr.exe:*:Enabled:projmgr (OrCAD 15.7 Demo) [2006.06.06 11:22:22 | 01,585,152 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\psetup.exe:*:Enabled:psetup (OrCAD 15.7 Demo) [2006.05.22 19:04:24 | 01,593,344 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\purge.exe:*:Enabled:purge (OrCAD 15.7 Demo) [2006.06.01 19:26:52 | 00,131,072 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\QPSetup.exe:*:Enabled:QPSetup (OrCAD 15.7 Demo) [2006.05.22 19:05:36 | 01,368,064 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\rollback.exe:*:Enabled:rollback (OrCAD 15.7 Demo) [2006.06.01 19:08:38 | 00,049,152 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\UniversalBrowser.exe:*:Enabled:UniversalBrowser (OrCAD 15.7 Demo) [2006.05.22 18:41:54 | 00,004,608 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\fet\bin\versiontool.exe:*:Enabled:versiontool (OrCAD 15.7 Demo) [2004.09.28 18:29:28 | 00,045,161 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\java.exe:*:Enabled:java (OrCAD 15.7 Demo) [2004.09.28 18:29:34 | 00,045,163 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\javaw.exe:*:Enabled:javaw (OrCAD 15.7 Demo) [2004.09.28 19:26:02 | 00,016,501 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\jpicpl32.exe:*:Enabled:jpicpl32 (OrCAD 15.7 Demo) [2004.09.28 19:26:04 | 00,241,777 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\jucheck.exe:*:Enabled:jucheck (OrCAD 15.7 Demo) [2004.09.28 19:26:04 | 00,032,881 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\jusched.exe:*:Enabled:jusched (OrCAD 15.7 Demo) [2004.09.28 18:43:46 | 00,045,185 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\keytool.exe:*:Enabled:keytool (OrCAD 15.7 Demo) [2004.09.28 18:44:12 | 00,045,181 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\kinit.exe:*:Enabled:kinit (OrCAD 15.7 Demo) [2004.09.28 18:44:20 | 00,045,181 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\klist.exe:*:Enabled:klist (OrCAD 15.7 Demo) [2004.09.28 18:44:26 | 00,045,179 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\ktab.exe:*:Enabled:ktab (OrCAD 15.7 Demo) [2004.09.28 19:01:54 | 00,045,204 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\orbd.exe:*:Enabled:orbd (OrCAD 15.7 Demo) [2004.09.28 18:44:06 | 00,045,191 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\policytool.exe:*:Enabled:policytool (OrCAD 15.7 Demo) [2004.09.28 18:58:34 | 00,045,179 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\rmid.exe:*:Enabled:rmid (OrCAD 15.7 Demo) [2004.09.28 18:58:20 | 00,045,191 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\rmiregistry.exe:*:Enabled:rmiregistry (OrCAD 15.7 Demo) [2004.09.28 19:02:00 | 00,045,216 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\servertool.exe:*:Enabled:servertool (OrCAD 15.7 Demo) [2004.09.28 19:02:12 | 00,045,206 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\bin\tnameserv.exe:*:Enabled:tnameserv (OrCAD 15.7 Demo) [2004.09.28 19:17:08 | 00,135,168 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\jre\javaws\javaws.exe:*:Enabled:javaws (OrCAD 15.7 Demo) [2006.07.28 12:39:08 | 08,486,912 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\a2dxf.exe:*:Enabled:a2dxf (OrCAD 15.7 Demo) [2006.08.15 11:48:50 | 22,540,288 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\allegro.exe:*:Enabled:allegro (OrCAD 15.7 Demo) [2006.06.13 12:20:28 | 09,875,456 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\allegro_free_viewer.exe:*:Enabled:allegro_free_viewer (OrCAD 15.7 Demo) [2006.07.18 11:49:46 | 08,691,712 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\artwork.exe:*:Enabled:artwork (OrCAD 15.7 Demo) [2006.06.13 12:22:56 | 00,815,104 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\batch_drc.exe:*:Enabled:batch_drc (OrCAD 15.7 Demo) [2006.06.13 12:23:04 | 08,351,744 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\bbvia.exe:*:Enabled:bbvia (OrCAD 15.7 Demo) [2006.06.13 12:23:18 | 01,019,904 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\bem2d.exe:*:Enabled:bem2d (OrCAD 15.7 Demo) [2006.06.13 12:25:12 | 08,347,648 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\cns_report.exe:*:Enabled:cns_report (OrCAD 15.7 Demo) [2006.06.13 12:25:48 | 08,351,744 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\create_devices.exe:*:Enabled:create_devices (OrCAD 15.7 Demo) [2006.06.13 12:26:00 | 08,372,224 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\create_sym.exe:*:Enabled:create_sym (OrCAD 15.7 Demo) [2006.08.15 11:50:18 | 08,740,864 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbdoctor.exe:*:Enabled:dbdoctor (OrCAD 15.7 Demo) [2003.02.04 13:20:02 | 05,656,647 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbdoctor14.exe:*:Enabled:dbdoctor14 (OrCAD 15.7 Demo) [2006.06.13 12:26:22 | 00,819,200 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbdoctor_ui.exe:*:Enabled:dbdoctor_ui (OrCAD 15.7 Demo) [1997.06.12 14:07:24 | 01,510,400 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbfix11.exe:*:Enabled:dbfix11 (OrCAD 15.7 Demo) [1998.06.22 15:00:16 | 01,793,536 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbfix12.exe:*:Enabled:dbfix12 (OrCAD 15.7 Demo) [2000.01.05 10:10:28 | 04,762,112 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbfix13.exe:*:Enabled:dbfix13 (OrCAD 15.7 Demo) [2006.06.13 12:26:42 | 08,355,840 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dbstat.exe:*:Enabled:dbstat (OrCAD 15.7 Demo) [2006.06.13 12:26:56 | 09,244,672 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dfa_dlg.exe:*:Enabled:dfa_dlg (OrCAD 15.7 Demo) [2006.06.13 12:27:12 | 08,949,760 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dfa_update.exe:*:Enabled:dfa_update (OrCAD 15.7 Demo) [2005.06.03 16:18:08 | 06,377,541 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\downrev14.exe:*:Enabled:downrev14 (OrCAD 15.7 Demo) [2006.06.13 12:28:12 | 08,347,648 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\downrev_library.exe:*:Enabled:downrev_library (OrCAD 15.7 Demo) [2006.06.13 12:28:26 | 09,363,456 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\draw_check.exe:*:Enabled:draw_check (OrCAD 15.7 Demo) [2006.06.13 12:28:42 | 08,744,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dump_libraries.exe:*:Enabled:dump_libraries (OrCAD 15.7 Demo) [2006.07.11 13:02:22 | 09,498,624 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\dxf2a.exe:*:Enabled:dxf2a (OrCAD 15.7 Demo) [2006.06.13 12:29:18 | 00,221,184 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\ecl_schedule.exe:*:Enabled:ecl_schedule (OrCAD 15.7 Demo) [2006.06.13 12:29:24 | 01,175,552 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\enved.exe:*:Enabled:enved (OrCAD 15.7 Demo) [2006.06.13 12:29:56 | 00,204,800 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\explot.exe:*:Enabled:explot (OrCAD 15.7 Demo) [2006.06.13 12:30:02 | 10,932,224 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\extracta.exe:*:Enabled:extracta (OrCAD 15.7 Demo) [2006.06.13 12:30:26 | 08,347,648 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\flash_convert.exe:*:Enabled:flash_convert (OrCAD 15.7 Demo) [2006.06.13 12:30:52 | 00,872,448 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\fpbrowse.exe:*:Enabled:fpbrowse (OrCAD 15.7 Demo) [2006.06.13 11:30:58 | 02,879,488 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\FSvia.exe:*:Enabled:FSvia (OrCAD 15.7 Demo) [2006.06.13 11:31:10 | 00,118,784 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\FSviaSolver.exe:*:Enabled:FSviaSolver (OrCAD 15.7 Demo) [2006.06.13 12:31:04 | 09,056,256 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\gbplot.exe:*:Enabled:gbplot (OrCAD 15.7 Demo) [2006.07.25 12:36:54 | 11,997,184 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\genfeedformat.exe:*:Enabled:genfeedformat (OrCAD 15.7 Demo) [2006.06.13 12:31:36 | 09,035,776 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\genrad.exe:*:Enabled:genrad (OrCAD 15.7 Demo) [2006.06.13 12:31:46 | 11,120,640 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\gloss.exe:*:Enabled:gloss (OrCAD 15.7 Demo) [2006.08.04 13:51:24 | 09,457,664 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\idf_in.exe:*:Enabled:idf_in (OrCAD 15.7 Demo) [2006.06.13 12:32:38 | 08,421,376 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\idf_out.exe:*:Enabled:idf_out (OrCAD 15.7 Demo) [2006.06.13 12:32:52 | 09,609,216 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\iges_in.exe:*:Enabled:iges_in (OrCAD 15.7 Demo) [2006.06.13 12:33:04 | 08,544,256 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\iges_out.exe:*:Enabled:iges_out (OrCAD 15.7 Demo) [2006.06.13 12:33:16 | 00,946,176 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\il_allegro.exe:*:Enabled:il_allegro (OrCAD 15.7 Demo) [2006.06.13 12:33:22 | 08,368,128 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\ipc356_out.exe:*:Enabled:ipc356_out (OrCAD 15.7 Demo) [2006.06.13 11:56:36 | 00,013,312 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\j2script.exe:*:Enabled:j2script (OrCAD 15.7 Demo) [2006.07.10 13:41:30 | 09,650,176 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\l2a.exe:*:Enabled:l2a (OrCAD 15.7 Demo) [2006.06.13 12:34:26 | 10,100,736 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\mbs2lib.exe:*:Enabled:mbs2lib (OrCAD 15.7 Demo) [2006.06.13 12:36:02 | 00,249,856 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\ncroute.exe:*:Enabled:ncroute (OrCAD 15.7 Demo) [2006.06.13 12:36:08 | 00,290,816 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\nctape.exe:*:Enabled:nctape (OrCAD 15.7 Demo) [2006.07.14 12:39:12 | 09,551,872 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\netin.exe:*:Enabled:netin (OrCAD 15.7 Demo) [2006.08.15 11:48:24 | 11,202,560 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\netrev.exe:*:Enabled:netrev (OrCAD 15.7 Demo) [2006.06.13 12:37:08 | 08,921,088 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\pads_in.exe:*:Enabled:pads_in (OrCAD 15.7 Demo) [2006.06.13 12:36:52 | 09,183,232 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\pad_designer.exe:*:Enabled:pad_designer (OrCAD 15.7 Demo) [2006.06.13 12:37:26 | 09,371,648 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\parallel.exe:*:Enabled:parallel (OrCAD 15.7 Demo) [2006.06.13 12:37:46 | 08,904,704 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\pcad_in.exe:*:Enabled:pcad_in (OrCAD 15.7 Demo) [1999.02.09 12:33:30 | 00,204,560 | ---- | M] (Microsoft Corporation) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\pe_wordpad.exe:*:Enabled:pe_wordpad (OrCAD 15.7 Demo) [2006.06.13 12:38:02 | 09,486,336 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\placement.exe:*:Enabled:placement (OrCAD 15.7 Demo) [2006.06.13 12:38:16 | 08,355,840 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\plctxt.exe:*:Enabled:plctxt (OrCAD 15.7 Demo) [2006.06.13 12:38:28 | 00,180,224 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\pre_check.exe:*:Enabled:pre_check (OrCAD 15.7 Demo) [2006.06.13 12:06:02 | 00,290,816 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\productServer.exe:*:Enabled:productServer (OrCAD 15.7 Demo) [2006.06.13 12:38:52 | 08,962,048 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\qvupdate.exe:*:Enabled:qvupdate (OrCAD 15.7 Demo) [2006.06.13 12:39:16 | 08,425,472 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\refresh_padstack.exe:*:Enabled:refresh_padstack (OrCAD 15.7 Demo) [2006.07.18 11:53:32 | 08,441,856 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\refresh_symbol.exe:*:Enabled:refresh_symbol (OrCAD 15.7 Demo) [2006.06.26 11:36:20 | 08,519,680 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\refresh_vs.exe:*:Enabled:refresh_vs (OrCAD 15.7 Demo) [2006.06.13 12:39:54 | 09,375,744 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\reftxt.exe:*:Enabled:reftxt (OrCAD 15.7 Demo) [2006.07.28 12:40:36 | 10,956,800 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\report.exe:*:Enabled:report (OrCAD 15.7 Demo) [2006.08.04 13:39:12 | 14,073,856 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\specctra.exe:*:Enabled:specctra (OrCAD 15.7 Demo) [2006.06.30 11:06:34 | 12,574,720 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\spif.exe:*:Enabled:spif (OrCAD 15.7 Demo) [2006.06.13 12:42:24 | 10,633,216 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\spif_batch.exe:*:Enabled:spif_batch (OrCAD 15.7 Demo) [2006.06.13 12:43:00 | 09,420,800 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\swap.exe:*:Enabled:swap (OrCAD 15.7 Demo) [2006.06.13 12:43:20 | 09,420,800 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\systemdump.exe:*:Enabled:systemdump (OrCAD 15.7 Demo) [2006.06.13 12:17:00 | 00,151,552 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\sys_root.exe:*:Enabled:sys_root (OrCAD 15.7 Demo) [2006.07.14 12:43:18 | 09,596,928 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\techfile.exe:*:Enabled:techfile (OrCAD 15.7 Demo) [2001.01.23 22:04:40 | 05,040,128 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\techfile13.exe:*:Enabled:techfile13 (OrCAD 15.7 Demo) [2002.04.03 13:30:04 | 05,808,200 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\techfile14.exe:*:Enabled:techfile14 (OrCAD 15.7 Demo) [2006.06.13 12:18:06 | 01,171,456 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\tlp2.exe:*:Enabled:tlp2 (OrCAD 15.7 Demo) [2006.06.13 12:44:12 | 00,196,608 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\uprev.exe:*:Enabled:uprev (OrCAD 15.7 Demo) [2006.06.13 12:44:18 | 08,364,032 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pcb\bin\zrouter.exe:*:Enabled:zrouter (OrCAD 15.7 Demo) [1996.08.13 07:22:44 | 00,065,024 | ---- | M] (hip communications inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\perl5\bin\perl.exe:*:Enabled:perl (OrCAD 15.7 Demo) [1996.08.13 07:22:00 | 00,022,016 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\perl5\bin\perlglob.exe:*:Enabled:perlglob (OrCAD 15.7 Demo) [1996.08.13 07:22:08 | 00,032,256 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\perl5\ntt\cmd32.exe:*:Enabled:cmd32 (OrCAD 15.7 Demo) [2006.08.08 11:03:06 | 00,028,672 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\IndiceFileGeneration.exe:*:Enabled:IndiceFileGeneration (OrCAD 15.7 Demo) [2006.06.07 13:45:28 | 07,819,264 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\Magneticdesigner.exe:*:Enabled:Magneticdesigner (OrCAD 15.7 Demo) [2006.06.02 15:23:54 | 02,691,072 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\modeled.exe:*:Enabled:modeled (OrCAD 15.7 Demo) [2006.08.08 10:51:50 | 00,098,304 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\MrkSrvr.exe:*:Enabled:MrkSrvr (OrCAD 15.7 Demo) [2006.08.08 10:46:18 | 03,899,392 | ---- | M] (Cadence Design Systems) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\pspice.exe:*:Enabled:pspice (OrCAD 15.7 Demo) [2006.08.02 14:13:36 | 03,350,528 | ---- | M] (Cadence Design Systems) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\pspiceaa.exe:*:Enabled:pspiceaa (OrCAD 15.7 Demo) [2006.08.08 13:32:14 | 00,110,592 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\PSpiceEnc.exe:*:Enabled:PSpiceEnc (OrCAD 15.7 Demo) [2006.05.28 22:08:16 | 00,118,784 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 15.7 Demo) [2006.08.08 11:01:36 | 00,032,768 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\psp_cmd.exe:*:Enabled:psp_cmd (OrCAD 15.7 Demo) [2000.07.21 08:15:12 | 00,037,136 | ---- | M] (Microsoft Corporation) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 15.7 Demo) [2006.08.08 11:02:36 | 01,564,672 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\simmgr.exe:*:Enabled:simmgr (OrCAD 15.7 Demo) [2006.08.08 11:02:22 | 00,225,280 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\simsrvr.exe:*:Enabled:simsrvr (OrCAD 15.7 Demo) [2006.06.02 15:16:48 | 01,953,792 | ---- | M] (Cadence Design System) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\pspice\stmed.exe:*:Enabled:stmed (OrCAD 15.7 Demo) [2006.08.04 13:39:12 | 14,073,856 | ---- | M] (Cadence Design Systems, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\specctra\bin\specctra.exe:*:Enabled:specctra (OrCAD 15.7 Demo) [2006.05.22 14:29:34 | 00,589,890 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\bin\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 15.7 Demo) [2006.05.22 14:29:32 | 01,835,008 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\bin\merge.exe:*:Enabled:merge (OrCAD 15.7 Demo) [2006.05.22 14:29:32 | 01,921,024 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\bin\mkvdk.exe:*:Enabled:mkvdk (OrCAD 15.7 Demo) [2006.05.22 10:15:54 | 02,560,054 | ---- | M] (Verity, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\bin\search.exe:*:Enabled:search (OrCAD 15.7 Demo) [2006.05.22 10:15:54 | 00,774,144 | ---- | M] (Verity, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\bin\setup.exe:*:Enabled:setup (OrCAD 15.7 Demo) [2006.05.22 10:15:54 | 00,069,632 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\bin\v_uninst.exe:*:Enabled:v_uninst (OrCAD 15.7 Demo) [2006.05.22 10:15:56 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\callback.exe:*:Enabled:callback (OrCAD 15.7 Demo) [2006.05.22 10:15:58 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\filter.exe:*:Enabled:filter (OrCAD 15.7 Demo) [2006.05.22 10:16:00 | 00,053,248 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\htmlini.exe:*:Enabled:htmlini (OrCAD 15.7 Demo) [2006.05.22 10:16:00 | 00,110,592 | ---- | M] (Verity, Inc.) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\htmserv.exe:*:Enabled:htmserv (OrCAD 15.7 Demo) [2006.05.22 10:16:00 | 00,028,672 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\index.exe:*:Enabled:index (OrCAD 15.7 Demo) [2006.05.22 10:16:00 | 00,036,864 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\jstree.exe:*:Enabled:jstree (OrCAD 15.7 Demo) [2006.05.22 10:16:00 | 00,036,864 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\jvtree.exe:*:Enabled:jvtree (OrCAD 15.7 Demo) [2006.05.22 10:16:02 | 00,028,672 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\kvoop.exe:*:Enabled:kvoop (OrCAD 15.7 Demo) [2006.05.22 10:16:04 | 00,037,136 | ---- | M] (Microsoft Corporation) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 15.7 Demo) [2006.05.22 10:16:04 | 00,032,768 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\summary.exe:*:Enabled:summary (OrCAD 15.7 Demo) [2006.05.22 10:16:08 | 01,054,720 | ---- | M] (Microsoft Corporation) -- E:\OrCAD15\OrCAD_15.7_Demo\tools\verity\_nti40\filters\viewers\amovie.exe:*:Enabled:amovie (OrCAD 15.7 Demo) [2000.06.06 23:26:16 | 00,040,960 | ---- | M] () -- E:\OrCAD15\OrCAD_15.7_Demo\tools\specctra\bin\specctra.com:*:Enabled:specctra (OrCAD 15.7 Demo) [2007.12.07 15:07:52 | 28,122,192 | ---- | M] () -- E:\Spill\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 [2007.01.19 12:54:44 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 [2007.01.04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [2008.11.10 10:23:50 | 01,539,072 | ---- | M] () -- C:\Programfiler\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe ========== (O10) Winsock2 Catalogs ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\] Protocol_Catalog9\Catalog_Entries0000000001 -- File not found Protocol_Catalog9\Catalog_Entries0000000002 -- File not found Protocol_Catalog9\Catalog_Entries0000000003 -- File not found Protocol_Catalog9\Catalog_Entries0000000004 -- File not found Protocol_Catalog9\Catalog_Entries0000000005 -- File not found Protocol_Catalog9\Catalog_Entries0000000006 -- File not found Protocol_Catalog9\Catalog_Entries0000000007 -- File not found Protocol_Catalog9\Catalog_Entries0000000008 -- File not found Protocol_Catalog9\Catalog_Entries0000000009 -- File not found Protocol_Catalog9\Catalog_Entries0000000010 -- File not found Protocol_Catalog9\Catalog_Entries0000000011 -- File not found Protocol_Catalog9\Catalog_Entries0000000012 -- File not found Protocol_Catalog9\Catalog_Entries0000000013 -- File not found Protocol_Catalog9\Catalog_Entries0000000014 -- File not found Protocol_Catalog9\Catalog_Entries0000000015 -- File not found Protocol_Catalog9\Catalog_Entries0000000016 -- File not found Protocol_Catalog9\Catalog_Entries0000000017 -- File not found Protocol_Catalog9\Catalog_Entries0000000018 -- File not found Protocol_Catalog9\Catalog_Entries0000000019 -- File not found Protocol_Catalog9\Catalog_Entries0000000020 -- File not found Protocol_Catalog9\Catalog_Entries0000000021 -- File not found Protocol_Catalog9\Catalog_Entries0000000022 -- File not found Protocol_Catalog9\Catalog_Entries0000000023 -- File not found Protocol_Catalog9\Catalog_Entries0000000024 -- File not found Protocol_Catalog9\Catalog_Entries0000000025 -- File not found ========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2008.04.14 17:22:11 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2003.03.10 14:50:44 | 00,138,048 | ---- | M] (Microsoft Corporation) E:\OrCAD_10\Install\tools\Capture\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.01.19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Programfiler\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] msdaipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2008.04.14 17:22:11 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2008.04.14 17:22:11 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.05.30 15:28:10 | 00,963,928 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2003.03.10 14:50:44 | 00,138,048 | ---- | M] (Microsoft Corporation) E:\OrCAD_10\Install\tools\Capture\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.01.19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Programfiler\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Professional "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}"=PDFCreator "{00120409-78E1-11D2-B60F-006097C998E7}"=Microsoft FrontPage 2000 SR-1 "{00200409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 MultiLanguage Pack Disc 1 "{0372F818-7DF0-4056-A258-919A4C440B1B}"=OrCAD 15.7 Demo "{07D7D276-46D2-42F5-BC90-0906C330746E}"=Microsoft Windows Vista Client Headers and Libraries (6001.16533.121) "{0B9E27C7-9ECD-4362-B311-030EA48F8E72}"=Crystal XI "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}"=PC Inspector File Recovery "{0F3FA831-FADA-4685-B175-E81630767028}"=ROCKTEC 2.6.1 "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}"=Sound Blaster X-Fi "{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}"=Microsoft XNA Framework Redistributable 2.0 "{2475D120-09C6-4522-A74C-12AB4ABF06B6}"=Crystal Reports for Visual Studio 2008 Beta 2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}"=Microsoft SQL Server 2005 Tools Express Edition "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}"=Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}"=3DMark05 "{31800004-6386-4999-A519-518F2D78D8F0}"=Python 2.5.1 "{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8 "{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7 "{3266FEA9-98E9-448B-B235-DAC63D4CE781}"=Unreal Tournament 3 Demo "{32A3A4F4-B792-11D6-A78A-00B0D0150080}"=J2SE Development Kit 5.0 Update 8 "{32A3A4F4-B792-11D6-A78A-00B0D0160040}"=Java SE Development Kit 6 Update 4 "{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{35A3A4F4-B792-11D6-A78A-00B0D0142150}"=Java 2 SDK, SE v1.4.2_15 "{388E4B09-3E71-4649-8921-F44A3A2954A7}"=Microsoft Visual Studio 2005 Tools for Office Runtime "{394BE3D9-7F57-4638-A8D1-1D88671913B7}"=Microsoft AppLocale "{3EAC35F4-FF26-4123-9404-0B5B93DAB570}"=Microsoft .NET Framework 1.1 Norwegian Language Pack "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}"=Logitech Registration "{433C2951-F34C-460A-A6DA-C0ACA0A90B97}"=ATLAS Translation Double Pack V13.0 Trial Version "{45235788-142C-44BE-8A4D-DDE9A84492E5}"=AGEIA PhysX v7.09.13 "{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}"=Windows Media Player 9 Series Winter Fun Pack "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English) "{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=Logitech MouseWare 9.80 "{5821459E-A8E1-42D1-A8B5-34AB19A75E79}"=Windows Mobile 5.0 SDK R2 for Pocket PC "{5DE0220D-1A71-3C1B-9BE1-DF8D3D392BC4}"=Microsoft Document Explorer 2008 "{5DE1B7CF-7429-40CA-987F-6BEE09B63787}"=Prime95 "{5DEDD928-2CBE-35E9-B002-85232EDB120A}"=Microsoft .NET Framework 2.0 Service Pack 1 "{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}"=Sony Vegas 6.0 "{67A87D78-70B5-4999-85CA-DE4C26100C7A}"=IntelliCAD 2001 "{68CE30BC-365D-4BC6-A8F4-520899B6FECD}"=Microsoft Windows SDK Intellisense and Reference Assemblies (6001.16533.121) "{6C0816B0-3CBA-4936-8BF7-FF469D1B07F5}"=Cadence License Manager "{6C3D52D2-6695-4CC7-AAFE-E3CB55F845FF}"=Microsoft SQL Server Compact 3.5 BETA ENU "{6C6C847F-A660-3227-98AA-5BFB3FB72B74}"=Microsoft Visual Studio Tools for Office Runtime 3.0 "{6D74E1F4-32D5-44D0-9054-8D57E981F59F}_is1"=Flash Saving Plugin "{7148F0A8-6813-11D6-A77B-00B0D0142150}"=Java 2 Runtime Environment, SE v1.4.2_15 "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable "{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA nTune "{82FD47B3-AEAE-4A3C-81D9-CC1CC9D520E9}"=Promise Disk Controller Manager "{8CD05946-4102-3560-B475-9EA2C5B22388}"=Microsoft Device Emulator version 3.0 - ENU "{8E7D9374-438A-3E7F-95A2-99B7D67838EB}"=Microsoft .NET Framework 3.5 (Pre-Release Version) "{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system "{90120000-0021-0000-0000-0000000FF1CE}"=Microsoft Office Visual Web Developer 2007 "{90120000-0021-0409-0000-0000000FF1CE}"=Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007 "{930A590D-29F8-4554-8DC8-27B8A17DD637}"=Microsoft Windows Vista Client Utilities for Win32 Development (6001.16533.121) "{9876452C-BC8C-4938-9142-D27DAEFE7DEC}"=Stickman 4.9 "{98FA9751-E7E0-4509-BE22-0E66BE8592B4}"=MySQL Tools for 5.0 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}"=Counter-Strike 1.6 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}"=SPORE™ "{A5BB0E8C-6BCE-3486-A705-82F5707C5059}"=Windows SDK .Net Tools "{A919EFA5-ADD6-42CB-AE11-EE5DAAB686D5}"=Windows Mobile 5.0 SDK R2 for Smartphone "{A922F4CD-6129-4B8A-A00D-C6185C1A39B2}"=Microsoft Windows Vista Client Common Utilities (6001.16533.121) "{AC76BA86-7AD7-1044-7B44-A71000000002}"=Adobe Reader 7.1.0 - Norsk "{AC76BA86-7AD7-2447-0000-705000000001}"=Adobe Reader Chinese Simplified Fonts "{AC76BA86-7AD7-2448-0000-705000000001}"=Adobe Reader Chinese Traditional Fonts "{AC76BA86-7AD7-5464-3428-7050000000A7}"=Adobe Reader 7.0.5 Language Support "{AC76BA86-7AD7-5760-0000-705000000001}"=Adobe Reader Japanese Fonts "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy "{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434}"=Windows Live Messenger "{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}"=Sony Ericsson PC Suite "{B6CB9E38-ED2F-33C6-9A58-11A37F4F5C96}"=Microsoft Visual Studio 2008 Professional Edition - ENU "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3 "{C191BE7C-8542-4A61-973A-714EF76C5995}"=Logitech QuickCam Software "{C1EDC2C9-9A6B-4140-A2B9-5D624E2FD6D4}"=Microsoft .NET Compact Framework 3.5 Pre-Release "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1"=SiSoftware Sandra Lite 2007.SP1 (Win64/32/CE) "{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}"=Sony Media Manager 2.0 "{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}"=Java DB 10.3.1.4 "{CF7C2683-9FBE-4223-84E7-43FED4912CD5}"=Microsoft .NET Framework 2.0 Language Pack - NOR "{D4A065EE-F9D5-4229-A8B8-9E37DBF36D92}"=Microsoft SQL Server Compact 3.5 Design Tools BETA ENU "{D680C913-5955-469D-9D88-C1940F7506D6}"=RAW FILE CONVERTER LE "{D7E085D3-98D1-4712-9B12-30935DC60774}"=Byggforsk - Byggforsk kunnskapssystemer "{D8E22700-87B9-46A1-81AA-D260BADA4BD1}"=Microsoft SQL Server Compact 3.5 for Devices BETA ENU "{DD02FB0E-0255-3174-A4C4-AADD23486DCC}"=Microsoft .NET Framework 3.0 Service Pack 1 "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware "{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}"=Microsoft SQL Server VSS Writer "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}"= "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}"=Microsoft .NET Compact Framework 2.0 SP2 "{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager "{EF901A4B-A25A-4962-83C6-C6691D062ED9}"=Nero Mega Plugin Pack "{F3ECED46-91CC-4F44-9917-9A20085D5D26}"=Debugging Tools for Windows "{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}"=Natural Color "{F6A3CF9D-A775-41F6-AA22-68EF52893339}"=Release OrCAD 10.0 "{F6EFE637-E44E-4648-9183-D77E9F48F9F1}"=Graphical Analysis 3.2 "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client "A060544AC87C9AA33D1ADB69773E5BB98CEA6914"=Windows-driverpakke - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin "Adobe Shockwave Player"=Adobe Shockwave Player "AllToAVI_is1"=AllToAVI ver3 Beta1 "ArcSoft PhotoBase"=ArcSoft PhotoBase "ArcSoft PhotoStudio 2000"=ArcSoft PhotoStudio 2000 "Aspell"=Aspell Data "Aspell6-Dictionary-en"=Aspell 0.6 Dictionary (Language: en) "Aspell6-Dictionary-nb"=Aspell 0.6 Dictionary (Language: nb) "Aspell6-Dictionary-nn"=Aspell 0.6 Dictionary (Language: nn) "ASUS Probe V2.21.08"=ASUS Probe V2.21.08 "audcle"=Plus! MP3 Audio Converter LE "AudioCS"=Creative Audio Console "AutoGK"=Auto Gordian Knot 2.45 "AviSynth"=AviSynth 2.5 "Bink and Smacker"=Bink and Smacker "BORGChat"=BORGChat (remove only) "CamStudio"=CamStudio "Canon ScanGear Toolbox CS"=Canon ScanGear Toolbox CS 2.2 "CANONBJ_Deinstall_CNMCP79.DLL"=Canon iP5200 "CCleaner"=CCleaner (remove only) "CobBackup8"=Cobian Backup 8 "Creative Media Toolbox"=Creative Media Toolbox "DVD Flick_is1"=DVD Flick "DVD Identifier_is1"=DVD Identifier "Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint "EVEREST Home Edition_is1"=EVEREST Home Edition v1.10 "Fraps"=Fraps (remove only) "GCS 1.4.0.35"=GrabClipSave "GPL Ghostscript 8.15"=GPL Ghostscript 8.15 "GPL Ghostscript 8.63"=GPL Ghostscript 8.63 "GPL Ghostscript Fonts"=GPL Ghostscript Fonts "GSview 4.9"=GSview 4.9 "Hamachi"=Hamachi 1.0.1.5 "IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs "ie7"=Windows Internet Explorer 7 "Inkscape"=Inkscape 0.45.1 "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA nTune "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager "Joystick 2 Mouse 3"=Joystick 2 Mouse 3 "Kjemilæreren"=Kjemilæreren "KLiteCodecPack_is1"=K-Lite Mega Codec Pack 2.2.0 "LogonStudio"=LogonStudio "LyX"=LyX 1.5.6-1 "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "Maple 10"=Maple 10 "MatlabR14SP3"=MATLAB 7.1 "MatlabR2007b"=MATLAB R2007b "MCSE Trainer_is1"=MCSE Trainer "MediaNavigation.CDLabelPrint"=CD-LabelPrint "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - NOR"=Microsoft .NET Framework 2.0 Language Pack - NOR "Microsoft .NET Framework 3.5 (Pre-Release Version)"=Microsoft .NET Framework 3.5 (Pre-Release Version) "Microsoft Document Explorer 2008"=Microsoft Document Explorer 2008 "Microsoft SQL Server 2005"=Microsoft SQL Server 2005 "Microsoft Visual Studio 2005 Tools for Office Runtime"=Kjøretidsfil for Visual Studio 2005-verktøy for Office, 2. utgave "Microsoft Visual Studio 2008 Professional Edition - ENU"=Microsoft Visual Studio 2008 Professional Edition - ENU "Microsoft Visual Studio Tools for Office Runtime 3.0"=Microsoft Visual Studio Tools for Office Runtime 3.0 "MiKTeX 2.7"=MiKTeX 2.7 "MinGW"=MinGW 5.1.3 "Mozilla Firefox (2.0.0.20)"=Mozilla Firefox (2.0.0.20) "Mozilla Thunderbird (2.0.0.18)"=Mozilla Thunderbird (2.0.0.18) "mplibwiz.inf"=Media Library Management Wizard "mpxlswiz.inf"=Windows Media Player Playlist Import to Excel Wizard "MRU-Blaster_is1"=MRU-Blaster v1.5 (Database 3/28/2004) "MSYS-1.0_is1"="Minimal SYStem 1.0.10" "NeroMultiInstaller!UninstallKey"=Nero Suite "NetMos Technology"=NetMos Multi-IO Controller "NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs "NOD32"=NOD32 Antivirus System "NVIDIA Drivers"=NVIDIA Drivers "Nvu_is1"=Nvu 1.0 "Orcad Family Release 9.2 Lite Edition"=Orcad Family Release 9.2 Lite Edition "PeerGuardian_is1"=PeerGuardian 2.0 "Picasa2"=Picasa 2 "QcDrv"=Drivrutiner for Logitech® Camera "RealVNC_is1"=VNC Free Edition 4.1.2 "ShockwaveFlash"=Adobe Flash Player 9 ActiveX "Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4 "SpywareBlaster_is1"=SpywareBlaster 4.1 "StyleBuilder"=StyleBuilder (remove only) "SysInfo"=Creative System Information "Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2 "TeXLive"=TeXLive 2008 "Totalcmd"=Total Commander (Remove or Repair) "TrueCrypt"=TrueCrypt "VisualWebDeveloper"=Microsoft Visual Studio Web Authoring Component "VLC media player"=VideoLAN VLC media player 0.8.6 "VobSub"=VobSub v2.23 (Remove Only) "WIC"=Windows Imaging Component "Windows Media Format Runtime"=Windows Media Format Runtime "Windows Media Player"=Windows Media Player 10 "Windows Script"=Microsoft Windows Script 5.7 "Windows XP Service Pack"=Windows XP Service Pack 3 "WinPcapInst"=WinPcap 3.01 alpha "WinRAR archiver"=WinRAR archiver "WM_Recorder_9.0"=WM Recorder 9.1 "WMBK2"=Windows Media Bonus Pack for Windows XP "World of Warcraft"=World of Warcraft "wxPython2.8-unicode-py25_is1"=wxPython 2.8.6.1 (unicode) for Python 2.5 "XpsEPSC"=XML Paper Specification Shared Components Pack 1.0 "XviD MPEG4 Video Codec"=XviD MPEG4 Video Codec (remove only) "ZoneAlarm"=ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}"=Unreal Tournament 3 Demo "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3 "JFileRecovery"=JFileRecovery "MXpie Patch"=MXpie Patch for WinMX Network/WPNP 3.3.3.4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-484763869-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}"=Unreal Tournament 3 Demo "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}"=Unreal Tournament 3 "JFileRecovery"=JFileRecovery "MXpie Patch"=MXpie Patch for WinMX Network/WPNP 3.3.3.4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.12.2008 11:29:12 | Computer Name = 2RZN | Source = nview_info | ID = 11141121 Description = Error - 17.12.2008 11:29:12 | Computer Name = 2RZN | Source = nview_info | ID = 11141121 Description = Error - 17.12.2008 11:29:12 | Computer Name = 2RZN | Source = nview_info | ID = 11141121 Description = Error - 17.12.2008 11:29:12 | Computer Name = 2RZN | Source = nview_info | ID = 11141121 Description = Error - 17.12.2008 11:29:12 | Computer Name = 2RZN | Source = nview_info | ID = 11141121 Description = Error - 17.12.2008 11:29:12 | Computer Name = 2RZN | Source = nview_info | ID = 11141121 Description = Error - 29.12.2008 05:31:38 | Computer Name = 2RZN | Source = nview_info | ID = 11141121 Description = Error - 29.12.2008 05:31:43 | Computer Name = 2RZN | Source = nview_info | ID = 11141121 Description = Error - 02.01.2009 05:09:55 | Computer Name = 2RZN | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in zlclient.exe [3716]. Just-In-Time debugging this exception failed with the following error: The logged in user did not have access to debug the crashing application. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 02.01.2009 05:09:57 | Computer Name = 2RZN | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in zlclient.exe [3716]. Just-In-Time debugging this exception failed with the following error: The logged in user did not have access to debug the crashing application. Check the documentation index for 'Just-in-time debugging, errors' for more information. [ System Events ] Error - 31.12.2008 06:03:49 | Computer Name = 2RZN | Source = Service Control Manager | ID = 7000 Description = Tjenesten DS1410D kan ikke startes på grunn av følgende feil: %%2 Error - 01.01.2009 09:05:52 | Computer Name = 2RZN | Source = Service Control Manager | ID = 7000 Description = Tjenesten DS1410D kan ikke startes på grunn av følgende feil: %%2 Error - 01.01.2009 17:37:44 | Computer Name = 2RZN | Source = Service Control Manager | ID = 7000 Description = Tjenesten DS1410D kan ikke startes på grunn av følgende feil: %%2 Error - 01.01.2009 18:05:35 | Computer Name = 2RZN | Source = Service Control Manager | ID = 7034 Description = Tjenesten Java Quick Starter stoppet uventet. Dette har skjedd 1 gang(er). Error - 01.01.2009 19:29:23 | Computer Name = 2RZN | Source = Service Control Manager | ID = 7034 Description = Tjenesten MSSQL$SONY_MEDIAMGR stoppet uventet. Dette har skjedd 1 gang(er). Error - 02.01.2009 03:42:12 | Computer Name = 2RZN | Source = Service Control Manager | ID = 7000 Description = Tjenesten DS1410D kan ikke startes på grunn av følgende feil: %%2 Error - 02.01.2009 05:04:19 | Computer Name = 2RZN | Source = Service Control Manager | ID = 7034 Description = Tjenesten Logitech Process Monitor stoppet uventet. Dette har skjedd 1 gang(er). Error - 02.01.2009 05:19:10 | Computer Name = 2RZN | Source = Service Control Manager | ID = 7000 Description = Tjenesten DS1410D kan ikke startes på grunn av følgende feil: %%2 Error - 02.01.2009 11:18:04 | Computer Name = 2RZN | Source = Service Control Manager | ID = 7000 Description = Tjenesten DS1410D kan ikke startes på grunn av følgende feil: %%2 Error - 03.01.2009 06:42:05 | Computer Name = 2RZN | Source = Service Control Manager | ID = 7000 Description = Tjenesten DS1410D kan ikke startes på grunn av følgende feil: %%2 < End of report > Samme resultat både på google.no og google.com, det smme gjelder forsåvidt også fra yahoo. Problemet er også det samme i både IE og Firefox. Kildekoden jeg får når jeg går inn på www.google.no er: Klikk for å se/fjerne spoilerteksten nedenfor <html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google</title><style>body,td,a,p,.h{font-family:arial,sans-serif}.h{color:#36c;font-size:20px}.q{color:#00c}.ts td{padding:0}.ts{border-collapse:collapse}#gbar{height:22px;padding-left:2px}.gbh,.gbd{border-top:1px solid #c9d7f1;font-size:1px}.gbh{height:0;position:absolute;top:24px;width:100%}#gbi,#gbs{background:#fff;left:0;position:absolute;top:24px;visibility:hidden;z-index:1000}#gbi{border:1px solid;border-color:#c9d7f1 #36c #36c #a2bae7;z-index:1001}#guser{padding-bottom:7px !important}#gbar,#guser{font-size:13px;padding-top:1px !important}@media all{.gb1,.gb3{height:22px;margin-right:.73em;vertical-align:top}#gbar{float:left}}.gb2{display:block;padding:.2em .5em}a.gb1,a.gb2,a.gb3{color:#00c !important}.gb2,.gb3{text-decoration:none}a.gb2:hover{background:#36c;color:#fff !important}</style><script>window.google={kEI:"flZfScKSOIGywAGT9uHdDA",kEXPI:"17259,17315",kHL:"no"}; google.y={};google.x=function(e,g){google.y[e.id]=[e,g];return false};window.clk=function(b,c,d,e,f,g){if(document.images){var a=encodeURIComponent||escape;(new Image).src="/url?sa=T"+(c?"&oi="+a©:"")+(d?"&cad="+a(d):"")+"&ct="+a(e)+"&cd="+a(f)+(b?"&url="+a(b.replace(/#.*/,"")).replace(/\+/g,"%2B"):"")+"&ei=flZfScKSOIGywAGT9uHdDA"+g}return true}; window.gbar={};(function(){var b=window.gbar,f,h;b.qs=function(a){var c=window.encodeURIComponent&&(document.forms[0].q||"").value;if©a.href=a.href.replace(/([?&])q=[^&]*|$/,function(i,g){return(g||"&")+"q="+encodeURIComponent©})};function j(a,c){a.visibility=h?"hidden":"visible";a.left=c+"px"}b.tg=function(a){a=a||window.event;var c=0,i,g=window.navExtra,d=document.getElementById("gbi"),e=a.target||a.srcElement;a.cancelBubble=true;if(!f){f=document.createElement(Array.every||window.createPopup?"iframe":"div");f.frameBorder="0";f.src="#";d.parentNode.appendChild(f).id="gbs";if(g)for(i in g)d.insertBefore(g,d.firstChild).className="gb2";document.onclick=b.close}if(e.className!="gb3")e=e.parentNode;do c+=e.offsetLeft;while(e=e.offsetParent);j(d.style,c);f.style.width=d.offsetWidth+"px";f.style.height=d.offsetHeight+"px";j(f.style,c);h=!h};b.close=function(a){h&&b.tg(a)}})();</script></head><body bgcolor=#ffffff text=#000000 link=#0000cc vlink=#551a8b alink=#ff0000 onload="document.f.q.focus();if(document.images)new Image().src='/images/nav_logo3.png'" topmargin=3 marginheight=3><div id=gbar><nobr><b class=gb1>Nett</b> <a href="http://images.google.no/imghp?hl=no&tab=wi" onclick=gbar.qs(this) class=gb1>Bilder</a> <a href="http://news.google.no/nwshp?hl=no&tab=wn" onclick=gbar.qs(this) class=gb1>Nyheter</a> <a href="http://groups.google.no/grphp?hl=no&tab=wg" onclick=gbar.qs(this) class=gb1>Grupper</a> <a href="http://blogsearch.google.no/?hl=no&tab=wb" onclick=gbar.qs(this) class=gb1>Blogger</a> <a href="http://mail.google.com/mail/?hl=no&tab=wm" class=gb1>Gmail</a> <a href="http://www.google.no/intl/no/options/" onclick="this.blur();gbar.tg(event);return !1" class=gb3><u>mer</u> <small>▼</small></a><div id=gbi> <a href="http://www.google.com/calendar/render?hl=no&tab=wc" class=gb2>Kalender</a> <a href="http://picasaweb.google.no/home?hl=no&tab=wq" onclick=gbar.qs(this) class=gb2>Fotografier</a> <a href="http://docs.google.com/?hl=no&tab=wo" class=gb2>Dokumenter</a> <a href="http://www.google.no/reader/view/?hl=no&tab=wy" class=gb2>Leser</a> <a href="http://sites.google.com/?hl=no&tab=w3" class=gb2>Nettsteder</a></div> </nobr></div><div class=gbh style=left:0></div><div class=gbh style=right:0></div><div align=right id=guser style="font-size:84%;padding:0 0 4px" width=100%><nobr><a href="/url?sa=p&pref=ig&pval=3&q=http://www.google.no/ig%3Fhl%3Dno%26source%3Diglk&usg=AFQjCNExjlN2Efy9qAZb5MJ1vS4vq9PHNA">iGoogle</a> | <a href="https://www.google.com/accounts/Login?continue=http://www.google.no/&hl=no">Logg inn</a></nobr></div><center><br clear=all id=lgpd><img alt="Google" height=110 src="/intl/no_no/images/logo.gif" width=276><br><br><form action="/search" name=f><table cellpadding=0 cellspacing=0><tr valign=top><td width=25%> </td><td align=center nowrap><input name=hl type=hidden value=no><input autocomplete="off" maxlength=2048 name=q size=55 title="Google-søk" value=""><br><input name=btnG type=submit value="Google-søk"><input name=btnI type=submit value="Jeg prøver lykken"></td><td nowrap width=25%><font size=-2> <a href=/advanced_search?hl=no>Avansert søk</a><br> <a href=/preferences?hl=no>Innstillinger</a><br> <a href=/language_tools?hl=no>Språkverktøy</a></font></td></tr><tr><td align=center colspan=3><font size=-1><span style="text-align:left">Søk: <input id=all type=radio name=meta value="" checked><label for=all> nettet </label><input id=lgr type=radio name=meta value="lr=lang_no"><label for=lgr> dokumenter på norsk </label><input id=cty type=radio name=meta value="cr=countryNO"><label for=cty> sider fra Norge </label></span></font></td></tr></table></form><br><font size=-1>Google.no nå tilgjengelig på <a href="http://www.google.no/setprefs?sig=0_0tXx8Ra35Zg4oXBZPrvsTcZdgVc=&hl=nn">norsk (nynorsk)</a> </font><br><br><br><font size=-1><a href="/intl/no/ads/">Annonsér med Google</a> - <a href="/services/">Forretningsløsninger</a> - <a href="/intl/no/about.html">Alt om Google</a> - <a href=http://www.google.com/ncr>Google.com in English</a></font><p><font size=-2>©2009 Google</font></p></center></body><script>if(google.y)google.y.first=[];window.setTimeout(function(){var xjs=document.createElement('script');xjs.src='/extern_js/f/CgJubxICbm8rMAo4DSwrMA44AywrMBg4Ayw/-MmGw8We2CQ.js';document.getElementsByTagName('head')[0].appendChild(xjs)},0);google.y.first.push(function(){google.ac.i(document.f,docume t.f.q,'','')})</script></html> Lenke til kommentar
Thorsen Skrevet 3. januar 2009 Forfatter Del Skrevet 3. januar 2009 (endret) Tok en titt på kildekoden til google.no på en annen maskin som ikke har dette problemet, men så ikke noen store forskjeller. Men jeg tok en titt og sammenlignet google.com med google.no siden. Spesielt interessant er nok første linjen på google.com: <!doctype html><head><script src=//7.7.7.0/></script> <style>body{background:#fff;color:#000;margin:3px 8px}#gbar{height:22px;padding-left:2px}.gbh,.gbd{border-top:1px solid #c9d7f1;font-size:1px}.gbh{height:0;position:absolute;top:24px;width:100%}#gbi,#gbs{background:#fff;left:0;position:absolute;top:24px;visibility:hidden;z-index:1000}#gbi{border:1px solid;border-color:#c9d7f1 #36c #36c #a2bae7;z-index:1001}#guser{padding-bottom:7px !important}#gbar,#guser{font-size:13px;padding...........(resten er ikke med i posten) Legg merke til <script src=//7.7.7.0/></script> delen. Dette kan da umulig stemme ? Nå bruker jo forsåvidt også google.no google.com sine søkemotorer for å søke så vidt jeg vet noe som skulle forklare hvorfor søkene mine er feil både på .no og .com. Tastet inn 7.7.7.0 for å undesøke, følgende tekst kommer opp: document.write("<div id=_p_></div>");window.onload=function(){try{var u=document.body.getAttribute("unload");if(u)eval(u);}catch(e){}};// Noen som kan få noe nyttig ut av dette ? Endret 3. januar 2009 av Thorsen Lenke til kommentar
norbat Skrevet 3. januar 2009 Del Skrevet 3. januar 2009 Sørg for at du kan se skjulte filer og mapper samt vis beskyttede operativsystemfiler Søk etter fila wdmaud.sys og fortell hvor du finner den. En noe langdryg men god onlineskanner: http://www.kaspersky.com/virusscanner. Post loggen den lager. Lenke til kommentar
Thorsen Skrevet 3. januar 2009 Forfatter Del Skrevet 3. januar 2009 Fant filen på flere steder se vedlagt bilde fra søkeresultat: Skal kjøre den webscanneren nå. Lenke til kommentar
norbat Skrevet 3. januar 2009 Del Skrevet 3. januar 2009 (endret) Ta og rename wdmaud.sys-fila som ligger i System32-mappa Rename fila til wdmaud.sys.vir. Restart pc og sjekk om du fortsatt har probl. med google Edit: Vent gjerne med å kjøre onlineskanneren. Endret 3. januar 2009 av norbat Lenke til kommentar
Thorsen Skrevet 3. januar 2009 Forfatter Del Skrevet 3. januar 2009 (endret) Takker det virket Kan jeg spørre om hvordan du fikk den mistanken ? Uansett er det noe mer jeg bør gjøre nå for å unngå at problemet kommer igjen ? Edit: Stikker ut nå, dersom du er i Stavanger en gang skal jeg spandere en pils på deg norbat :!: Endret 3. januar 2009 av Thorsen Lenke til kommentar
norbat Skrevet 3. januar 2009 Del Skrevet 3. januar 2009 (endret) Før du stikker ut, kunne du ha lastet opp fila på Virustotal. Kunne vært interessant og sett hvilke av-program som tar den. Fint om du poster resultatet her. Jeg vet at Kaspersky tar fila som et rootkit. Fila kan i noen sammenhenger opptre sammen med en fil med navnet sysaudio.sys (ligger også i system32-mappa.) Du kunne ha sjekket om den ligger der hos deg (tvilsomt da Malwarebytes tar den, men...) Den sender deg via 1.2.3.0 (mens wdmaud.sys via 7.7.7.0) Edit: og wdmaud.sys-fila du renamet, sletter du. Pr. 29.12.08 viser Virustotal følgende ang. wdmaud.sys (i system32): Klikk for å se/fjerne innholdet nedenfor File wdmaud.sys received on 12.29.2008 21:59:20 (CET) Current status: finished Result: 12/39 (30.77%) Compact Print results Antivirus Version Last Update Result a-squared - - Rootkit.Win32.Agent!IK AhnLab-V3 - - - AntiVir - - Rkit/Agent.fwt Authentium - - - Avast - - - AVG - - Generic12.AHJY BitDefender - - - CAT-QuickHeal - - - ClamAV - - - Comodo - - - DrWeb - - Trojan.DownLoad.26637 eSafe - - - eTrust-Vet - - - Ewido - - - F-Prot - - - F-Secure - - Rootkit.Win32.Agent.fwt Fortinet - - - GData - - - Ikarus - - Rootkit.Win32.Agent K7AntiVirus - - - Kaspersky - - Rootkit.Win32.Agent.fwt McAfee - - - McAfee+Artemis - - - Microsoft - - Trojan:Win32/Daonol.B NOD32 - - - Norman - - W32/Rootkit.ACJF Panda - - - PCTools - - - Prevx1 - - Malicious Software Rising - - - SecureWeb-Gateway - - Rootkit.Agent.fwt Sophos - - Troj/Daolno-A Sunbelt - - - Symantec - - - TheHacker - - - TrendMicro - - - VBA32 - - - ViRobot - - - VirusBuster - - - Endret 3. januar 2009 av norbat Lenke til kommentar
snippsat Skrevet 3. januar 2009 Del Skrevet 3. januar 2009 Ja det var bra,den var viren den Fleste av de verktøyene vi bruker greide ikke og fange den opp. 7.7.7.0 i kildekoden var fint at du fant Tenkte jeg skulle sammenligne med min kildekode,men rakk ikke det. Lenke til kommentar
Thorsen Skrevet 4. januar 2009 Forfatter Del Skrevet 4. januar 2009 (endret) Informasjon fra http://www.virustotal.com. File wdmaud.sys.vir received on 01.04.2009 02:50:08 (CET) Result: 18/38 (47.37%) Antivirus Version Last Update Result a-squared 4.0.0.73 2009.01.03 Rootkit.Win32.Agent!IK AhnLab-V3 2008.12.31.0 2009.01.03 - AntiVir 7.9.0.45 2009.01.03 Rkit/Agent.fwt.2 Authentium 5.1.0.4 2009.01.03 W32/Rootkit.AZY Avast 4.8.1281.0 2009.01.03 Win32:Agent-ADLA AVG 8.0.0.199 2009.01.03 - BitDefender 7.2 2009.01.04 Rootkit.10778 CAT-QuickHeal 10.00 2009.01.03 Rootkit.Agent.fwt ClamAV 0.94.1 2009.01.04 - Comodo 869 2009.01.03 - DrWeb 4.44.0.09170 2009.01.04 Trojan.DownLoad.26637 eTrust-Vet 31.6.6287 2009.01.01 - Ewido 4.0 2008.12.31 - F-Prot 4.4.4.56 2009.01.03 W32/Rootkit.AZY F-Secure 8.0.14470.0 2009.01.04 Rootkit.Win32.Agent.fwt Fortinet 3.117.0.0 2009.01.03 - GData 19 2009.01.04 Rootkit.10778 Ikarus T3.1.1.45.0 2009.01.03 Rootkit.Win32.Agent K7AntiVirus 7.10.575 2009.01.03 - Kaspersky 7.0.0.125 2009.01.04 Rootkit.Win32.Agent.fwt McAfee 5483 2009.01.03 - McAfee+Artemis 5483 2009.01.03 - Microsoft 1.4205 2009.01.03 Trojan:Win32/Daonol.B NOD32 3734 2009.01.03 - Norman 5.80.02 2009.01.02 W32/Rootkit.ACJF Panda 9.0.0.4 2009.01.03 - PCTools 4.4.2.0 2009.01.03 - Prevx1 V2 2009.01.04 Malicious Software Rising 21.10.22.00 2008.12.31 - SecureWeb-Gateway 6.7.6 2009.01.03 Rootkit.Agent.fwt.2 Sophos 4.37.0 2009.01.04 Troj/Daonol-Fam Sunbelt 3.2.1809.2 2008.12.22 - Symantec 10 2009.01.04 - TheHacker 6.3.1.4.204 2009.01.02 - TrendMicro 8.700.0.1004 2009.01.02 - VBA32 3.12.8.10 2009.01.03 Rootkit.Win32.Agent.fwt ViRobot 2009.1.3.1541 2009.01.03 - VirusBuster 4.5.11.0 2009.01.03 - Additional information File size: 14336 bytes MD5...: 5f0cc3ca7190e5a9d6fe39a3f4b56be1 SHA1..: f2527b476203672280d57c07abd362b669048caa SHA256: 3e18c602b6ebf38282af7c9486a0ea228e1a44cdfdd60e22b2ff6898e402b60f SHA512: 7f257cec82ff3ad025cc1359a7190f330791ad14219f3c406139b164373d50da 0968b95d5088146cbf1d91b12eea01b9b96c93bcc8edfd9a664b6c743ecf8994 ssdeep: 384:nwyt/XlmpNSAvsR/xBHlTxE+CZE88AHq:wytETHkdHlTxEJ8 PEiD..: - TrID..: File type identification Win32 Executable Generic (58.3%) Win16/32 Executable Delphi generic (14.1%) Generic Win/DOS Executable (13.7%) DOS Executable Generic (13.6%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40371c timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 CODE 0x1000 0x273c 0x2800 6.63 53573f1cd93691b4b2c19fa164dd12bf DATA 0x4000 0x1d0 0x200 4.40 53df5fb184de6a2d9ffb7ee38b9dd00b BSS 0x5000 0xd2f5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 0x13000 0x33c 0x400 3.93 29aa9de1ce277781691808ed4fcafc52 .reloc 0x14000 0x220 0x400 4.07 2a678e03f7dcb0458d7ce2aa0f4f3436 .rsrc 0x15000 0x18c 0x200 2.53 6985dc4739cbf475a86abbfbe1007db3 ( 3 imports ) > kernel32.dll: GetCurrentThreadId, ExitProcess, UnhandledExceptionFilter, RtlUnwind, RaiseException, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc, FreeLibrary, GetProcessHeap > kernel32.dll: VirtualFree, VirtualAlloc, Sleep, ReadFile, LoadLibraryA, HeapFree, HeapAlloc, GetTickCount, GetSystemTime, GetProcessHeap, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLastError, GetFileSize, GetComputerNameA, FindAtomA, ExitProcess, CreateThread, CreateFileA, CloseHandle, AddAtomA > wsock32.dll: WSAGetLastError ( 0 exports ) Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=70822DBB001F2C9D382800DC8979E4004BAE8EA0' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=70822DBB001F2C9D382800DC8979E4004BAE8EA0</a> sysaudio.sys ligger ikke i system32 mappa mi. Takker og bukker for all hjelp Sendte også fila til analysis hos eset som har levert nod32 (som jeg bruker) før jeg slettet den. Edit: Fant forresten også ut hva noen av filene ComboFix slettet var til. Disse hørte til Wireshark som er et program for analyse av nettverkspakker. Endret 4. januar 2009 av Thorsen Lenke til kommentar
norbat Skrevet 4. januar 2009 Del Skrevet 4. januar 2009 De filene combofix fjernet er legale, men de kan også bli installert av div. trojanere. Regner med det er derfor combofix fjerner disse. No mercy. Combofix legger det den sletter i en karantenemappe (Qoobox). Den legger til filendelsen .vir. Hvis du vil ha tilbake disse filene, fjerner du .vir og kopierer over fila til riktig plassering. Alt. er å installere aktuelle program på nytt. Hvis alt kjører slik det skal, bør du fjerne combofix. Det gjør du ved å skrive combofix /u i kjør-feltet (start->kjør). Dette vil fjerne backups etc. samt nullstille systemgjenopprettingen slik at du ikke blir infisert ved en evt. gjenoppretting senere. Lenke til kommentar
Thorsen Skrevet 4. januar 2009 Forfatter Del Skrevet 4. januar 2009 Takker for tipset Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå