Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by SATURN on ma 23/06/2014 at 7:59:53,66.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\SATURN\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================
C:\zoek-results2014-06-22-100306.log 405 bytes
C:\zoek-results2014-06-22-114259.log 44924 bytes

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{d589843c-47ca-40c6-ae49-163ae9d86896}"=-

==== Deleting Files \ Folders ======================
C:\Program Files (x86)\Re-markit not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter deleted
"C:\autoexec.bat" deleted

==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\Users\SATURN\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
2014-06-22 10:08:36 97BA9F3BA64146109B0DF1AF1A444CFA 3340 ----a-w- C:\WINDOWS\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3044803408-375196487-3353611470-1002
2014-06-17 15:53:05 26D6653D7419B16A17BB71371C8EE487 3614 ----a-w- C:\WINDOWS\Sysnative\Tasks\RNUpgradeHelperResumePrompt_SATURN
2014-06-17 15:53:00 5D3CB8485E71893190C2131B94271595 2960 ----a-w- C:\WINDOWS\Sysnative\Tasks\ReclaimerUpdateFiles_SATURN
2014-06-17 15:52:58 B3ECC7C4AF633D2D401BD2CF6C9D2465 390 ----a-w- C:\WINDOWS\Tasks\ReclaimerUpdateFiles_SATURN.job
2014-06-17 15:52:57 83A17C1D2A425DD54558B7706C707CBE 2956 ----a-w- C:\WINDOWS\Sysnative\Tasks\ReclaimerUpdateXML_SATURN
2014-06-17 15:52:55 04CE8C3DEF22F13B81B9C3C088276435 386 ----a-w- C:\WINDOWS\Tasks\ReclaimerUpdateXML_SATURN.job
2014-06-13 04:40:07 78C0FD7B67E7333335990EBB68B278DD 3362 ----a-w- 
C:\WINDOWS\Sysnative\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3044803408-375196487-3353611470-1002 2014-06-11 18:43:26 D74175F8FC3F6F730D0195416EA34489 3096 ----a-w- C:\WINDOWS\Sysnative\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3044803408-375196487-3353611470-1002 ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-06-21 13:18:20 -------- d-----w- C:\Program Files\trend micro 2014-06-11 18:45:14 -------- d-----w- C:\Program Files\Windows Live 2014-05-25 12:53:10 -------- d-----w- C:\Program Files\Enigma Software Group ======= C:\PROGRA~2 ===== 2014-06-11 18:45:06 -------- d-----w- C:\PROGRA~2\Windows Live 2014-06-11 18:41:03 -------- d-----w- C:\PROGRA~2\COMMON~1\Windows Live 2014-05-25 12:52:51 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard 2014-05-25 09:21:09 -------- d-----w- C:\PROGRA~2\Trend Micro 2014-05-24 07:53:07 -------- d-----w- C:\PROGRA~2\WinRAR ======= C: ===== ====== C:\Users\SATURN\AppData\Roaming ====== 2014-06-22 11:29:02 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp 2014-06-22 11:29:02 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp 2014-06-22 11:29:02 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp 2014-06-22 11:29:02 -------- d-----w- C:\Users\Lenovo\AppData\Local\Temp 2014-06-22 11:29:02 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2014-06-22 11:29:02 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2014-06-22 11:29:01 -------- d-----w- C:\Users\SATURN\AppData\Local\Temp 2014-06-11 18:41:09 -------- d-----w- C:\Users\SATURN\AppData\Local\Windows Live 2014-06-01 12:14:30 -------- d-sh--w- C:\Users\SATURN\AppData\Locallow\EmieUserList 2014-06-01 12:14:30 -------- d-sh--w- C:\Users\SATURN\AppData\Locallow\EmieSiteList 2014-05-25 12:53:11 -------- d-----w- C:\Users\SATURN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-05-24 07:54:10 -------- d-----w- 
C:\Users\SATURN\AppData\Roaming\WinRAR 2014-05-24 07:53:23 -------- d-----w- C:\Users\SATURN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ====== C:\Users\SATURN ====== 2014-06-22 11:43:06 -------- d-----r- C:\Users\SATURN\Searches 2014-06-21 13:18:01 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\SATURN\Downloads\RSITx64.exe 2014-06-17 15:56:57 E9B9148F1590CFC520712A7B7205BF22 13084896 ----a-w- C:\Users\SATURN\Downloads\Silverlight_x64.exe 2014-06-11 18:47:08 -------- d-----w- C:\Users\SATURN\Tracing 2014-06-11 18:45:50 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-06-11 18:43:26 -------- d-----r- C:\Users\SATURN\OneDrive 2014-06-11 18:43:20 -------- d-----w- C:\ProgramData\Microsoft OneDrive 2014-06-11 18:40:50 D1FD677582820AB3A60528EAC18FE31C 1243328 ----a-w- C:\Users\SATURN\Downloads\wlsetup-web.exe 2014-05-24 07:53:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR ====== C: exe-files == 2014-06-21 13:18:22 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\SATURN.exe 2014-06-21 13:18:01 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\SATURN\Downloads\RSITx64.exe 2014-06-20 19:52:51 45D10F0878A188FE0CC05FC6842749FE 384872 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00005c20\updatus.18618995_RUNASUSER.exe 2014-06-18 19:07:50 4A9A536B229183E73938803D76AAFA1F 384824 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00005bf4\updatus.18607500_RUNASUSER.exe 2014-06-18 19:07:47 ED28B620B7E5C4D064B96F89933A09FA 295880 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00005bed\drsupdate.18604483_RUNASUSER.exe 2014-06-17 15:56:57 E9B9148F1590CFC520712A7B7205BF22 13084896 ----a-w- C:\Users\SATURN\Downloads\Silverlight_x64.exe 2014-06-17 15:53:10 EFACD667EF49E168D6CB6BBF7B94ACAE 1023696 ----a-w- C:\Users\SATURN\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\stub_exe\RealPlayerCloud.exe 2014-06-17 15:53:10 
EFACD667EF49E168D6CB6BBF7B94ACAE 1023696 ----a-w- C:\Users\SATURN\AppData\Local\Microsoft\Windows\INetCache\IE\B816QXBZ\RealPlayerCloud[1].exe 2014-06-17 11:51:27 F571EED7262998B98AE89685E236983C 503376 ----a-w- C:\Users\SATURN\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe 2014-06-17 11:51:22 F571EED7262998B98AE89685E236983C 503376 ----a-w- C:\Users\SATURN\AppData\Roaming\Real\Update\temp\~Upg9\rnupgagent.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3044803408-375196487-3353611470-1002\Software\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean" [HKEY_USERS\S-1-5-21-3044803408-375196487-3353611470-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "331BigDog"="C:\Program Files (x86)\USB Camera\VM331STI.EXE" "Dolby Home Theater v4"="C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe -autostart" "YouCam Mirage"="C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" "YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe /s" "UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0" "RemoteControl10"="C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" "Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4" "MuteSync"="C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "EaseUS EPM tray"="C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home 
Edition\bin\EpmNews.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Starter"="C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot"
"G Data AntiVirus Tray"="C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe"
"GDFirewallTray"="C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"OnekeyStudio"="C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"SynLenovoGestureMgr"=""%ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2013-09-12 04:26:04 1246 ----a-w- C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
2014-05-08 21:53:12 1323 ----a-w- C:\Users\SATURN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
2013-02-17 19:00:34 1246 ----a-w- C:\Users\SATURN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
2012-10-14 15:33:31 876 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/05/2014 22:46]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/03/2013 22:40]
C:\WINDOWS\tasks\ReclaimerUpdateFiles_SATURN.job --a-------- C:\Users\SATURN\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [17/06/2014 13:51]
C:\WINDOWS\tasks\ReclaimerUpdateXML_SATURN.job --a-------- C:\Users\SATURN\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [17/06/2014 13:51]
C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_SATURN.job --a-------- C:\Users\SATURN\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [17/06/2014 13:51]
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [16/08/2012 08:23]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe]
"C:\WINDOWS\SysNative\tasks\OFFICE2010ACT" [C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs]
"C:\WINDOWS\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3044803408-375196487-3353611470-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3044803408-375196487-3353611470-1005" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3044803408-375196487-3353611470-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3044803408-375196487-3353611470-1005" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3044803408-375196487-3353611470-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3044803408-375196487-3353611470-1005" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3044803408-375196487-3353611470-1002" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3044803408-375196487-3353611470-1005" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3044803408-375196487-3353611470-1002" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3044803408-375196487-3353611470-1005" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\ReclaimerUpdateFiles_SATURN" [C:\Users\SATURN\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe]
"C:\WINDOWS\SysNative\tasks\ReclaimerUpdateXML_SATURN" [C:\Users\SATURN\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe]
"C:\WINDOWS\SysNative\tasks\RNUpgradeHelperLogonPrompt_SATURN" [C:\Users\SATURN\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe]
"C:\WINDOWS\SysNative\tasks\RNUpgradeHelperResumePrompt_SATURN" [C:\Users\SATURN\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{90001241-58CC-4956-984C-505010284253}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [17/12/2013 15:20]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\SATURN\AppData\Roaming\Mozilla\Firefox\Profiles\x9nwfa44.default-1400014748703
A58DE0A570148AF5FF3512B2A340D09F - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
0C0C5C207121C7A78414A8250E8E099A - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
9624666A4C4F33F084B8661584AA3732 - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 16:24]

Google Docs - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
RealDownloader - SATURN\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - SATURN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== C:\zoek_backup content ======================

C:\zoek_backup (files=32 folders=7 4479197 bytes)

==== EOF on ma 23/06/2014 at 8:04:58,89 ======================