Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Rossi930 on di 26-04-2016 at 12:18:29,92.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rossi930\Desktop\zoek.exe
Script used: C:\Users\Rossi930\Desktop\zoekscript.txt

==== Older Logs ======================

C:\zoek-results2016-04-23-140835.log 96875 bytes
C:\zoek-results2016-04-24-104052.log 6701 bytes
C:\zoek-results2016-04-24-130230.log 9827 bytes
C:\zoek-results2016-04-25-090047.log 1337 bytes
C:\zoek-results2016-04-25-124419.log 22758 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

; Annotation (not tool output): lines starting with ';' are reviewer comments.
; In .reg syntax "[-KEY]" deletes KEY together with all of its subkeys and
; values, so every bracketed entry in this group is a whole-subtree removal.
;
; This group removes keys whose names contain "amazon", both machine-wide
; (HKLM) and in the hive of the user with RID 1002. The log does not say why
; these were targeted. NOTE(review): the list mixes per-site browser storage
; for ordinary sites (amazon.com) with other hosts (amazonbrowserapp.com,
; s3-eu-west-1.amazonaws.com); presumably the fix script matched on the
; string "amazon" - confirm against zoekscript.txt before reusing this fix.
[-HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\Software\Amazon]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\AppDataLow\Software\Amazon]

; Internet Explorer DOM storage records, keyed by site name.
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\amazon.com]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.amazon.com]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\s3-eu-west-1.amazonaws.com]

; Per-domain entries under Ext\Stats for an add-on that this log identifies
; only by CLSID; the list continues past this point in the log.
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.ca]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.cn]
; Annotation (not tool output): lines starting with ';' are reviewer comments.
; Continuation of the per-domain AllowedDomains deletions for the add-on
; with CLSID {BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}. "[-KEY]" removes the
; key and everything beneath it.
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.co.jp]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.co.uk]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.com]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.com.br]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.de]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.es]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.fr]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.in]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.it]

; Removes the Internet Settings zone mapping for amazon.com. The log does
; not record which zone the site had been assigned to.
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.com]

; "name"=- deletes a single value and leaves the key in place. Here the
; value is named after an executable path under C:\ProgramData\jIxmRfR.
; NOTE(review): the Compatibility Assistant store is commonly treated as an
; execution artifact, so this entry suggests protect.exe had been launched;
; record it before cleanup if the case needs a timeline, since the fix
; erases it. Only registry data is touched here - removal of the file itself
; is not shown in this log.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\ProgramData\\jIxmRfR\\protect\\protect.exe"=-
; Annotation (not tool output): lines starting with ';' are reviewer comments.
; Removes the vendor keys of the program named "jIxmRfR" machine-wide.
; Subkeys are listed before their parents throughout; "[-KEY]" already
; removes the whole subtree, so the child entries are redundant but harmless.
[-HKEY_LOCAL_MACHINE\SOFTWARE\jIxmRfR\rsc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\jIxmRfR]

; Removes the per-user "StartMenuInternet" client registration jIxmRfRHTM.
; The Capabilities subkeys (URLAssociations, FileAssociations) show that the
; program had registered itself as a candidate web browser for this user.
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\URLAssociations]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\StartMenu]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\FileAssociations]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\DefaultIcon]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\InstallInfo]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\shell\open\command]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\shell\open]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\shell]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM]

; Per-user settings of the same program.
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\jIxmRfR\StabilityMetrics]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\jIxmRfR\Extensions]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\jIxmRfR]

; NOTE(review): this key name carries no reference to jIxmRfR; the log does
; not show why it is part of the fix - confirm against zoekscript.txt.
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a3b37ae1_0]

; "name"=- deletes one value. This starts a run of
; ApplicationAssociationToasts values named "jIxmRfRHTM_<ext or protocol>";
; the run continues in the following entries of the log.
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"jIxmRfRHTM_.htm"=-
; Annotation (not tool output): lines starting with ';' are reviewer comments.
; Deletes the remaining ApplicationAssociationToasts values that pair the
; jIxmRfRHTM handler with web file types and the https/ftp/http protocols.
; "name"=- removes only the named value, not the key.
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"jIxmRfRHTM_.html"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"jIxmRfRHTM_.shtml"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"jIxmRfRHTM_.xht"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"jIxmRfRHTM_.xhtml"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"jIxmRfRHTM_https"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"jIxmRfRHTM_ftp"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"jIxmRfRHTM_http"=-

; The "extension" in the next two key names is the tail of a web-search URL
; for "jixmrfr" (everything after ".com"), not a real file extension.
; NOTE(review): it looks as if a search URL was recorded under FileExts and
; then matched by the fix because it contains the program's name - confirm.
; Deleting it is harmless; the second entry is already covered by the first.
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=jixmrfr&form=WNSGPH&qs=SW&cvid=b77103e34a8b49b4b649c38c9f5c4f29&pq=jixmrfr&nclid=40590DB83898BDFDF393688EF76F58F5&ts=1461494788521&nclidts=1461494788&tsms=521]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=jixmrfr&form=WNSGPH&qs=SW&cvid=b77103e34a8b49b4b649c38c9f5c4f29&pq=jixmrfr&nclid=40590DB83898BDFDF393688EF76F58F5&ts=1461494788521&nclidts=1461494788&tsms=521\OpenWithList]

; Sets the user's chosen handler (UserChoice\ProgId) for web file types to
; an empty string instead of deleting the key. This is the start of a longer
; run of identical resets.
; NOTE(review): on Windows 8 and later UserChoice normally also holds a Hash
; value tied to ProgId, and this script writes ProgId only. The log header
; reports Windows 10, so confirm afterwards that a legitimate default
; browser is in effect and that the import did not fail on these keys.
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"ProgId"=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"ProgId"=""
; Annotation (not tool output): lines starting with ';' are reviewer comments.
; Blanks the user's chosen handler ("ProgId"="") for web file types and for
; the ftp/http/https protocols in three places: Explorer\FileExts,
; Roaming\OpenWith and Shell\Associations\UrlAssociations. The keys are kept;
; only the ProgId value is overwritten with an empty string.
; NOTE(review): on Windows 8 and later UserChoice normally also holds a Hash
; value tied to ProgId, and this script writes ProgId only. Check after the
; fix that a legitimate default browser is in effect for these types.
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
"ProgId"=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"ProgId"=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
"ProgId"=""

[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\FileExts\.htm\UserChoice]
"ProgId"=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\FileExts\.html\UserChoice]
"ProgId"=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\FileExts\.shtml\UserChoice]
"ProgId"=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\FileExts\.xht\UserChoice]
"ProgId"=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\FileExts\.xhtml\UserChoice]
"ProgId"=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\ftp\UserChoice]
"ProgId"=""

[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice]
"ProgId"=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
"ProgId"=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"ProgId"=""

; Removes the jIxmRfRHTM entry from the user's RegisteredApplications list
; and from the "open with" candidates for .htm ("name"=- deletes one value).
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\RegisteredApplications]
"jIxmRfRHTM"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.htm\OpenWithProgids]
"jIxmRfRHTM"=-
; Annotation (not tool output): lines starting with ';' are reviewer comments.
; Removes jIxmRfRHTM from the "open with" candidates of the remaining web
; file types, then deletes the jIxmRfRHTM class itself ("[-KEY]" removes the
; key with its subtree; "name"=- removes a single value).
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.html\OpenWithProgids]
"jIxmRfRHTM"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.shtml\OpenWithProgids]
"jIxmRfRHTM"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.xht\OpenWithProgids]
"jIxmRfRHTM"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.xhtml\OpenWithProgids]
"jIxmRfRHTM"=-
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\jIxmRfRHTM\Application]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\jIxmRfRHTM\shell]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\jIxmRfRHTM]

; Same removals addressed through HKEY_USERS\<SID>_Classes.
; NOTE(review): <SID>_Classes is normally the same per-user classes hive that
; <SID>\SOFTWARE\Classes points to, so this group presumably repeats the one
; above; harmless if so.
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.htm\OpenWithProgids]
"jIxmRfRHTM"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.html\OpenWithProgids]
"jIxmRfRHTM"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.shtml\OpenWithProgids]
"jIxmRfRHTM"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.xht\OpenWithProgids]
"jIxmRfRHTM"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.xhtml\OpenWithProgids]
"jIxmRfRHTM"=-
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\jIxmRfRHTM\Application]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\jIxmRfRHTM\shell]
[-HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\jIxmRfRHTM]

; Compatibility Assistant record for protect.exe under S-1-5-18, the
; well-known SID of the LocalSystem account.
; NOTE(review): this store is commonly treated as an execution artifact, so
; the entry suggests protect.exe ran in the SYSTEM context - corroborate with
; other evidence and record it before cleanup if a timeline is needed.
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\ProgramData\\jIxmRfR\\protect\\protect.exe"=-

; Vendor keys of a second program, "qksee". Only SOFTWARE keys are removed
; here; no SYSTEM\...\Services\<name> key for a qksee service appears in this
; script. NOTE(review): verify the service itself is gone - it may have been
; handled in one of the earlier runs listed under "Older Logs".
[-HKEY_LOCAL_MACHINE\SOFTWARE\qksee]
[-HKEY_LOCAL_MACHINE\SOFTWARE\qkseeSvc]

; @="" overwrites the key's default value with an empty string. For an
; extension key under Classes the default value names the ProgID that opens
; the type, so these entries clear the machine-wide handler for image types
; rather than restoring a previous one. The run continues in the following
; entries of the log.
; NOTE(review): presumably these defaults pointed at qkseeViewer.* ProgIDs;
; after the fix, check that image files still open with a real viewer.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bmp]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bmp\OpenWithProgids]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cur]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cur\OpenWithProgids]
@=""
; Annotation (not tool output): lines starting with ';' are reviewer comments.
; @="" overwrites a key's default value with an empty string. For an
; extension key under HKLM\SOFTWARE\Classes the default value names the
; ProgID that opens the type, so this run clears the machine-wide handler
; for each listed image extension (and the default value of its
; OpenWithProgids subkey) instead of restoring an earlier handler.
; NOTE(review): presumably these defaults pointed at qkseeViewer.* ProgIDs;
; after the fix, check that image files still open with a real viewer.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gif]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gif\OpenWithProgids]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ico]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ico\OpenWithProgIds]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.j2c]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.j2c\OpenWithProgids]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jp2]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jp2\OpenWithProgids]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpe]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpe\OpenWithProgids]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpeg]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpeg\OpenWithProgids]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg\OpenWithProgids]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.png]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.png\OpenWithProgids]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tif]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tif\OpenWithProgids]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tiff]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tiff\OpenWithProgids]
@=""

; Removes the Application event-log source "qkseeService" in both
; ControlSet001 and CurrentControlSet ("[-KEY]" deletes the key and subtree).
; NOTE(review): this is only the event-log source registration; no
; SYSTEM\...\Services\<name> key for the service itself appears in this
; script, so verify separately that no such service remains.
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\qkseeService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService]

; Removes the qkseeViewer.* "open with" candidates and association-toast
; values ("name"=- deletes one value). The first entry targets the .DEFAULT
; hive, the rest the hive of the user with RID 1002; the per-extension run
; continues in the following entries of the log.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids]
"qkseeViewer.jpg"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"qkseeViewer.jpg_.jpg"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids]
"qkseeViewer.bmp"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids]
"qkseeViewer.gif"=-
; Annotation (not tool output): lines starting with ';' are reviewer comments.
; Removes the qkseeViewer.* ProgIDs from the user's per-extension "open
; with" candidates ("name"=- deletes one value and keeps the key).
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids]
"qkseeViewer.ico"=-

; Unlike the other UserChoice entries in this log, which write "ProgId",
; this one blanks the key's default value.
; NOTE(review): the handler choice normally lives in the ProgId value, so
; confirm that .ico was not left pointing at a qksee handler.
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@=""

[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids]
"qkseeViewer.jpg"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids]
"qkseeViewer.jpg"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids]
"qkseeViewer.jpg"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids]
"qkseeViewer.png"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids]
"qkseeViewer.tif"=-
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids]
"qkseeViewer.tif"=-

; @="" blanks the default value of the user's per-extension class keys. That
; value names the ProgID used to open the type, so the per-user override is
; cleared rather than pointed at a replacement viewer.
; NOTE(review): the machine-wide defaults for the same extensions are also
; blanked elsewhere in this script, so check that image files still open.
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.bmp]
@=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.gif]
@=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.ico]
@=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.jpg]
@=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.png]
@=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.tiff]
@=""

; Same resets addressed through HKEY_USERS\<SID>_Classes, which is normally
; the same per-user classes hive as <SID>\SOFTWARE\Classes; presumably a
; harmless repeat. The run continues in the following entries of the log.
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.bmp]
@=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.gif]
@=""
; Annotation (not tool output): lines starting with ';' are reviewer comments.
; @="" blanks the default value (the ProgID that opens the type) of the
; remaining per-user image extension keys, addressed through <SID>_Classes.
; NOTE(review): <SID>_Classes is normally the same per-user classes hive as
; <SID>\SOFTWARE\Classes, so these presumably repeat resets already made
; there; check afterwards that image files still open with a real viewer.
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.ico]
@=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.jpg]
@=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.png]
@=""
[HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.tiff]
@=""

; Removes the qkseeViewer.jpg "open with" candidate from the S-1-5-18
; (LocalSystem) hive. HKEY_USERS\.DEFAULT is normally an alias of this hive,
; so the matching .DEFAULT entry elsewhere in the script likely targets the
; same value.
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids]
"qkseeViewer.jpg"=-

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5426 folders=987 1025204253 bytes)

==== EOF on di 26-04-2016 at 12:20:11,35 ======================