Zoek.exe v5.0.0.0 Updated 12-March-2015 Tool run by Rene on vr 13/03/2015 at 10:16:32,90. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Public\Documents\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-03-09-171343.log 76054 bytes C:\zoek-results2015-03-10-091425.log 63029 bytes C:\zoek-results2015-03-10-105609.log 285281 bytes C:\zoek-results2015-03-10-131841.log 2986 bytes C:\zoek-results2015-03-11-091824.log 336288 bytes C:\zoek-results2015-03-11-143829.log 19981 bytes C:\zoek-results2015-03-13-091612.log 13616 bytes ==== Registry Search Results for "PowerDirector12" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\CyberLink\PowerDirector12] [HKEY_LOCAL_MACHINE\SOFTWARE\CyberLink\PowerDirector12\12.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}] "InstallLocation"="C:\\Program Files\\CyberLink\\PowerDirector12" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1646825-D391-42A0-93AA-27FA810DA093}] "DisplayIcon"="C:\\Program Files\\CyberLink\\PowerDirector12\\PDR12.exe,0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1646825-D391-42A0-93AA-27FA810DA093}] "InstallLocation"="C:\\Program Files\\CyberLink\\PowerDirector12" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerDirector12] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerDirector12] "Path"="C:\\Program Files\\CyberLink\\PowerDirector12" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerDirector12] @="C:\\Program Files\\CyberLink\\PowerDirector12\\PDR12.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0cdadjfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0cdadjfile\DefaultIcon] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0cdadjfile\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0cdadjfile\shell\Open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0cdadjfile\shell\Open] @="@C:\\Program Files\\CyberLink\\PowerDirector12\\MUITransfer\\PDRMUIRes.dll,-13" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0cdadjfile\shell\Open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dz3dtfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dz3dtfile\DefaultIcon] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dz3dtfile\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dz3dtfile\shell\Open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dz3dtfile\shell\Open] @="@C:\\Program Files\\CyberLink\\PowerDirector12\\MUITransfer\\PDRMUIRes.dll,-10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dz3dtfile\shell\Open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzafile] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzafile\DefaultIcon] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzafile\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzafile\shell\Open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzafile\shell\Open] @="@C:\\Program Files\\CyberLink\\PowerDirector12\\MUITransfer\\PDRMUIRes.dll,-11" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzafile\shell\Open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzmfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzmfile\DefaultIcon] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzmfile\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzmfile\shell\Open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzmfile\shell\Open] @="@C:\\Program Files\\CyberLink\\PowerDirector12\\MUITransfer\\PDRMUIRes.dll,-6" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzmfile\shell\Open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzpfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzpfile\DefaultIcon] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzpfile\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzpfile\shell\Open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzpfile\shell\Open] @="@C:\\Program Files\\CyberLink\\PowerDirector12\\MUITransfer\\PDRMUIRes.dll,-8" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzpfile\shell\Open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzsfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzsfile\DefaultIcon] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzsfile\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzsfile\shell\Open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzsfile\shell\Open] @="@C:\\Program Files\\CyberLink\\PowerDirector12\\MUITransfer\\PDRMUIRes.dll,-9" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dzsfile\shell\Open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dztfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dztfile\DefaultIcon] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dztfile\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dztfile\shell\Open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dztfile\shell\Open] @="@C:\\Program Files\\CyberLink\\PowerDirector12\\MUITransfer\\PDRMUIRes.dll,-7" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0dztfile\shell\Open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdlfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdlfile\DefaultIcon] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdlfile\DefaultIcon] @="C:\\Program Files\\CyberLink\\PowerDirector12\\PDR12.exe,2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdlfile\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdlfile\shell\Open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdlfile\shell\Open] @="@C:\\Program Files\\CyberLink\\PowerDirector12\\MUITransfer\\PDRMUIRes.dll,-5" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdlfile\shell\Open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdlfile\shell\Open\command] @="\"C:\\Program Files\\CyberLink\\PowerDirector12\\PDR12.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdmfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdmfile\DefaultIcon] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdmfile\DefaultIcon] @="C:\\Program Files\\CyberLink\\PowerDirector12\\PDR12.exe,3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdmfile\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdmfile\shell\Open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdmfile\shell\Open] @="@C:\\Program Files\\CyberLink\\PowerDirector12\\MUITransfer\\PDRMUIRes.dll,-12" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdmfile\shell\Open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdmfile\shell\Open\command] @="\"C:\\Program Files\\CyberLink\\PowerDirector12\\PDR12.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdsfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdsfile\DefaultIcon] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdsfile\DefaultIcon] @="C:\\Program Files\\CyberLink\\PowerDirector12\\PDR12.exe,1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdsfile\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdsfile\shell\Open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdsfile\shell\Open] @="@C:\\Program Files\\CyberLink\\PowerDirector12\\MUITransfer\\PDRMUIRes.dll,-4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdsfile\shell\Open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerDirector12.0pdsfile\shell\Open\command] @="\"C:\\Program Files\\CyberLink\\PowerDirector12\\PDR12.exe\" \"%1\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{A78C89F8-BCFC-4395-ABEA-60291D5854FF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files\\CyberLink\\PowerDirector12\\PDR10.EXE|Name=_this_program_will_be_deleted|Desc=CyberLink PowerDirector|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{41B86312-7691-4859-9CE4-A0B3AFDD3B0C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files\\CyberLink\\PowerDirector12\\PDR10.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{A78C89F8-BCFC-4395-ABEA-60291D5854FF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files\\CyberLink\\PowerDirector12\\PDR10.EXE|Name=_this_program_will_be_deleted|Desc=CyberLink PowerDirector|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{41B86312-7691-4859-9CE4-A0B3AFDD3B0C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files\\CyberLink\\PowerDirector12\\PDR10.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{A78C89F8-BCFC-4395-ABEA-60291D5854FF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files\\CyberLink\\PowerDirector12\\PDR10.EXE|Name=_this_program_will_be_deleted|Desc=CyberLink PowerDirector|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{41B86312-7691-4859-9CE4-A0B3AFDD3B0C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files\\CyberLink\\PowerDirector12\\PDR10.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector|" [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\Hanuman\Convert] "C:\\Program Files\\CyberLink\\PowerDirector12\\SampleClips\\pal\\Nature.wmv"=hex(0):64,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MagicDirector\Descriptor] "C:\\Program Files\\CyberLink\\PowerDirector12\\SampleClips\\pal\\Nature.wmv"=hex(0):64,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\SampleClips\\grassy.jpg"=hex(0):e9,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\SampleClips\\motorcycles.mpo"=hex(0):0d,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\SampleClips\\pal\\Nature.wmv"=hex(0):e0,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\SampleClips\\shade.jpg"=hex(0):ea,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\SampleClips\\tropical.jpg"=hex(0):eb,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\SampleClips\\forest.jpg"=hex(0):7e,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\SampleClips\\girlinthegrass.jpg"=hex(0):7e,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\SampleClips\\inthevalley.jpg"=hex(0):7e,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\PiPObject\\PDR12_recording\\recording_00000.png"=hex(0):77,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\Menus\\Cinematic\\LayerTemplate\\LayerTemplate2\\opening.wma"=hex(0):67,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\MediaCache5\Data5] "C:\\Program Files\\CyberLink\\PowerDirector12\\Menus\\Cinematic\\Audio\\opening_BGM.wma"=hex(0):67,\ [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\PowerDirector12] [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\PowerDirector12] "Boomerang_x86Path"="C:\\Program Files\\CyberLink\\PowerDirector12\\Boomerang\\x86\\BoomerangLib.dll" [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\PowerDirector12] "Boomerang_x64Path"="C:\\Program Files\\CyberLink\\PowerDirector12\\Boomerang\\x64\\BoomerangLib.dll" [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\CyberLink\PowerDirector12] "Boomerang_APREGPath"="C:\\Program Files\\CyberLink\\PowerDirector12\\APREG.url" [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\Software\CyberLink\PowerDirector12] [HKEY_USERS\S-1-5-21-3018774581-1640411555-1972862108-1000\Software\Software\CyberLink\PowerDirector12\PDR12] ==== C:\zoek_backup content ====================== C:\zoek_backup (files=7650 folders=985 3550682812 bytes) ==== EOF on vr 13/03/2015 at 10:17:36,60 ======================