Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Rossi930 on ma 25-04-2016 at 14:40:40,58. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Rossi930\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-04-23-140835.log 96875 bytes C:\zoek-results2016-04-24-104052.log 6701 bytes C:\zoek-results2016-04-24-130230.log 9827 bytes C:\zoek-results2016-04-25-090047.log 1337 bytes ==== Registry Search Results for "Amazon" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\Software\Amazon] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\AppDataLow\Software\Amazon] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\amazon.com] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.amazon.com] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\s3-eu-west-1.amazonaws.com] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.ca] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.cn] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.co.jp] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.co.uk] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.com] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.com.br] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.de] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.es] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.fr] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.in] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.it] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.com] ==== Registry Search Results for "jIxmRfR" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\jIxmRfR] [HKEY_LOCAL_MACHINE\SOFTWARE\jIxmRfR] "path"="C:\\Program Files (x86)\\jIxmRfR\\" [HKEY_LOCAL_MACHINE\SOFTWARE\jIxmRfR] "publicdirectroy"="C:\\Users\\Public\\Documents\\jIxmRfR\\" [HKEY_LOCAL_MACHINE\SOFTWARE\jIxmRfR] "publicdirectroy_log"="C:\\Users\\Public\\Documents\\jIxmRfR\\log\\" [HKEY_LOCAL_MACHINE\SOFTWARE\jIxmRfR] "publicdirectroy_dump"="C:\\Users\\Public\\Documents\\jIxmRfR\\log\\dump\\" [HKEY_LOCAL_MACHINE\SOFTWARE\jIxmRfR\rsc] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\\ProgramData\\jIxmRfR\\protect\\protect.exe"=hex:53,41,43,50,01,00,00,00,\ [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet] @="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM] @="jIxmRfR" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities] "ApplicationIcon"="C:\\Program Files (x86)\\jIxmRfR\\jIxmRfR\\chrome.exe,0" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities] "ApplicationName"="jIxmRfR" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\FileAssociations] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\FileAssociations] ".htm"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\FileAssociations] ".html"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\FileAssociations] ".shtml"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\FileAssociations] ".xht"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\FileAssociations] ".xhtml"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\StartMenu] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\StartMenu] "StartMenuInternet"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\URLAssociations] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\URLAssociations] "https"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\URLAssociations] "ftp"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\Capabilities\URLAssociations] "http"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\DefaultIcon] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\DefaultIcon] @="C:\\Program Files (x86)\\jIxmRfR\\jIxmRfR\\chrome.exe,0" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\InstallInfo] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\InstallInfo] "HideIconsCommand"="\"C:\\Program Files (x86)\\jIxmRfR\\jIxmRfR\\chrome.exe\" \"-HideIconsCommand\"" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\InstallInfo] "ReinstallCommand"="\"C:\\Program Files (x86)\\jIxmRfR\\jIxmRfR\\chrome.exe\" \"-ReinstallCommand\"" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\InstallInfo] "ShowIconsCommand"="\"C:\\Program Files (x86)\\jIxmRfR\\jIxmRfR\\chrome.exe\" \"-ShowIconsCommand\"" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\shell] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\shell\open] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\shell\open\command] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Clients\StartMenuInternet\jIxmRfRHTM\shell\open\command] @="C:\\Program Files (x86)\\jIxmRfR\\jIxmRfR\\chrome.exe" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\jIxmRfR] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\jIxmRfR\Extensions] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\jIxmRfR\StabilityMetrics] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a3b37ae1_0] @="{2}.\\\\?\\hdaudio#func_01&ven_10ec&dev_0892&subsys_146210ec&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\\singlelineouttopo/00010001|\\Device\\HarddiskVolume4\\Program Files (x86)\\jIxmRfR\\jIxmRfR\\chrome.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts] "jIxmRfRHTM_.htm"=dword:00000000 [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts] "jIxmRfRHTM_.html"=dword:00000000 [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts] "jIxmRfRHTM_.shtml"=dword:00000000 [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts] "jIxmRfRHTM_.xht"=dword:00000000 [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts] "jIxmRfRHTM_.xhtml"=dword:00000000 [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts] "jIxmRfRHTM_https"=dword:00000000 [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts] "jIxmRfRHTM_ftp"=dword:00000000 [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts] "jIxmRfRHTM_http"=dword:00000000 [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=jixmrfr&form=WNSGPH&qs=SW&cvid=b77103e34a8b49b4b649c38c9f5c4f29&pq=jixmrfr&nclid=40590DB83898BDFDF393688EF76F58F5&ts=1461494788521&nclidts=1461494788&tsms=521] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=jixmrfr&form=WNSGPH&qs=SW&cvid=b77103e34a8b49b4b649c38c9f5c4f29&pq=jixmrfr&nclid=40590DB83898BDFDF393688EF76F58F5&ts=1461494788521&nclidts=1461494788&tsms=521\OpenWithList] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\FileExts\.htm\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\FileExts\.html\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\FileExts\.shtml\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\FileExts\.xht\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\FileExts\.xhtml\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\ftp\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice] "ProgId"="jIxmRfRHTM" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\RegisteredApplications] "jIxmRfRHTM"="SOFTWARE\\Clients\\StartMenuInternet\\jIxmRfRHTM\\Capabilities" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.htm\OpenWithProgids] "jIxmRfRHTM"="" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.html\OpenWithProgids] "jIxmRfRHTM"="" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.shtml\OpenWithProgids] "jIxmRfRHTM"="" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.xht\OpenWithProgids] "jIxmRfRHTM"="" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.xhtml\OpenWithProgids] "jIxmRfRHTM"="" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\jIxmRfRHTM] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\jIxmRfRHTM\Application] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\jIxmRfRHTM\Application] "ApplicationName"="jIxmRfR" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\jIxmRfRHTM\Application] "ApplicationDescription"="jIxmRfR" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\jIxmRfRHTM\Application] "ApplicationCompany"="jIxmRfR" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\jIxmRfRHTM\Application] "ApplicationIcon"="C:\\Program Files (x86)\\jIxmRfR\\jIxmRfR\\chrome.exe,0" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\jIxmRfRHTM\shell] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.htm\OpenWithProgids] "jIxmRfRHTM"="" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.html\OpenWithProgids] "jIxmRfRHTM"="" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.shtml\OpenWithProgids] "jIxmRfRHTM"="" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.xht\OpenWithProgids] "jIxmRfRHTM"="" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.xhtml\OpenWithProgids] "jIxmRfRHTM"="" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\jIxmRfRHTM] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\jIxmRfRHTM\Application] [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\jIxmRfRHTM\Application] "ApplicationName"="jIxmRfR" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\jIxmRfRHTM\Application] "ApplicationDescription"="jIxmRfR" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\jIxmRfRHTM\Application] "ApplicationCompany"="jIxmRfR" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\jIxmRfRHTM\Application] "ApplicationIcon"="C:\\Program Files (x86)\\jIxmRfR\\jIxmRfR\\chrome.exe,0" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\jIxmRfRHTM\shell] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\\ProgramData\\jIxmRfR\\protect\\protect.exe"=hex:53,41,43,50,01,00,00,00,\ ==== Registry Search Results for "qksee" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\qksee] [HKEY_LOCAL_MACHINE\SOFTWARE\qksee] "sid"="qksee" [HKEY_LOCAL_MACHINE\SOFTWARE\qkseeSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\qkseeSvc] "svc"="qkseeService" [HKEY_LOCAL_MACHINE\SOFTWARE\qkseeSvc] "softuid"="Global\\qksee{570F9060-7B3C-4732-9E0B-C22769FB5850}Svc" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bmp] @="qkseeViewer.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bmp\OpenWithProgids] @="qkseeViewer.bmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cur] @="qkseeViewer.ico" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cur\OpenWithProgids] @="qkseeViewer.ico" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gif] @="qkseeViewer.gif" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gif\OpenWithProgids] @="qkseeViewer.gif" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ico] @="qkseeViewer.ico" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ico\OpenWithProgIds] @="qkseeViewer.ico" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.j2c] @="qkseeViewer.jpeg" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.j2c\OpenWithProgids] @="qkseeViewer.jpeg" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jp2] @="qkseeViewer.jpeg" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jp2\OpenWithProgids] @="qkseeViewer.jpeg" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpe] @="qkseeViewer.jpg" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpe\OpenWithProgids] @="qkseeViewer.jpg" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpeg] @="qkseeViewer.jpg" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpeg\OpenWithProgids] @="qkseeViewer.jpg" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg] @="qkseeViewer.jpg" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg\OpenWithProgids] @="qkseeViewer.jpg" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.png] @="qkseeViewer.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.png\OpenWithProgids] @="qkseeViewer.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tif] @="qkseeViewer.tif" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tif\OpenWithProgids] @="qkseeViewer.tif" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tiff] @="qkseeViewer.tif" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tiff\OpenWithProgids] @="qkseeViewer.tif" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\qkseeService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids] "qkseeViewer.jpg"=hex(0): [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts] "qkseeViewer.jpg_.jpg"=dword:00000000 [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids] "qkseeViewer.bmp"=hex(0): [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids] "qkseeViewer.gif"=hex(0): [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids] "qkseeViewer.ico"=hex(0): [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @="qkseeViewer.ico" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids] "qkseeViewer.jpg"=hex(0): [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids] "qkseeViewer.jpg"=hex(0): [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids] "qkseeViewer.jpg"=hex(0): [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids] "qkseeViewer.png"=hex(0): [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids] "qkseeViewer.tif"=hex(0): [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids] "qkseeViewer.tif"=hex(0): [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.bmp] @="qkseeViewer.bmp" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.gif] @="qkseeViewer.gif" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.ico] @="qkseeViewer.ico" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.jpg] @="qkseeViewer.jpg" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.png] @="qkseeViewer.png" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002\SOFTWARE\Classes\.tiff] @="qkseeViewer.tif" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.bmp] @="qkseeViewer.bmp" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.gif] @="qkseeViewer.gif" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.ico] @="qkseeViewer.ico" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.jpg] @="qkseeViewer.jpg" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.png] @="qkseeViewer.png" [HKEY_USERS\S-1-5-21-2692958852-1695414720-1072984534-1002_Classes\.tiff] @="qkseeViewer.tif" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids] "qkseeViewer.jpg"=hex(0): ==== C:\zoek_backup content ====================== C:\zoek_backup (files=5426 folders=987 1025204253 bytes) ==== EOF on ma 25-04-2016 at 14:44:19,91 ======================