Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: SpyHunter4 als Pc-Scanner...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.08.2013, 09:35   #16
Minter
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=323582ef8fe5a842a20b36033251bb5e
# engine=14752
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-13 06:21:36
# local_time=2013-08-13 08:21:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 90 2493439 125161092 0 0
# compatibility_mode=5893 16776573 100 94 3003334 128004746 0 0
# scanned=191261
# found=0
# cleaned=0
# scan_time=8465
         
Its das das richige Log?

Alt 13.08.2013, 09:47   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Ja. Das Log von Malwarebytes fehlt
__________________

__________________

Alt 13.08.2013, 10:10   #18
Minter
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Moritz :: MORITZ-PC [Administrator]

Schutz: Aktiviert

13.08.2013 10:06:40
mbam-log-2013-08-13 (10-06-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240837
Laufzeit: 3 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________

Alt 13.08.2013, 10:14   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.08.2013, 10:33   #20
Minter
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Nun ich habe unter C:\ Programme (x86) einen Ordner mit dem Namen: FTdownloader V4.0 gefunden. Wie bereits erwähnt hatte ich auch mal (oder immer noch) den ftdownloader auf meinem Computer. ich nehme mal, dass das das selbe ist wie vorher auch. Muss ich mir das jetzt Gedanken machen? Und wenn ja, wie bekomme ich das wieder weg. Einfach löschen?
Und SpyHunter befindent sich immer noch auf dem Desktop.


Alt 13.08.2013, 10:37   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Scan mit SystemLook (x64)

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    ATTFilter
    :filefind
    *FTdownloader*
    *Spyhunter*
    
    :folderfind
    *FTdownloader*
    *Spyhunter*
    
    :regfind
    FTdownloader
    Spyhunter
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
__________________
--> SpyHunter4 als Pc-Scanner...

Alt 13.08.2013, 10:42   #22
Minter
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 10:39 on 13/08/2013 by Moritz
Administrator - Elevation successful

========== filefind ==========

Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.dll	--a---- 393216 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 079E87F2A760FC41C6A6767BCB87B5F2
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.exe	--a---- 338432 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] BA25FC5D1BEDBE821F063D6956BEBA4D
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.dll	--a---- 473088 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] D2E25B7E08F1370BE1B649E96B33142F
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.exe	--a---- 442880 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 2185767A2A7BCA1CD4570E0DCF6F9350
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-helper.exe	--a---- 311808 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 033E5078BCE5B537286E8E256C91D434
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0.ico	--a---- 9662 bytes	[11:19 30/06/2013]	[11:19 30/06/2013] 0A8D41A2552E2FC0A5CCD4AEB106FBF2
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk	--a---- 726 bytes	[07:36 13/08/2013]	[07:36 13/08/2013] 790AACB9534E01ABB21F1480C6D9A1B8
C:\Windows\System32\Tasks\FTdownloader V4.0-codedownloader	--a---- 4256 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 77F95681B9972C1DDE808B209EAC739B
C:\Windows\System32\Tasks\FTdownloader V4.0-enabler	--a---- 4166 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 3C451D483016AB248AC0B8FBDB56E673
C:\Windows\System32\Tasks\FTdownloader V4.0-updater	--a---- 4262 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] A5216EE89CA0126CFBA1044B683DE65E
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job	--a---- 1226 bytes	[12:16 26/07/2013]	[07:27 13/08/2013] 3FB5E9A85AA0F499D86530241DACB64B
C:\Windows\Tasks\FTdownloader V4.0-enabler.job	--a---- 1136 bytes	[12:16 26/07/2013]	[07:27 13/08/2013] FF2CF9A43027FE63CBF838105BF502B4
C:\Windows\Tasks\FTdownloader V4.0-updater.job	--a---- 1232 bytes	[12:16 26/07/2013]	[07:27 13/08/2013] F62D368B093CC484B99E203338E25C37

Searching for "*Spyhunter*"
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe	--a---- 7529344 bytes	[21:46 27/06/2013]	[21:46 27/06/2013] 64F7854468F5D54389D9E0500FD47FE8
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_191644.log	--a---- 64781 bytes	[17:16 11/08/2013]	[17:16 11/08/2013] 4AF03E4352D537823CA8F755E055A4C8
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_193743.log	--a---- 124907 bytes	[17:37 11/08/2013]	[18:46 11/08/2013] 90D16F35B0521DE18E8EB3385E20C39A
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_204654.log	--a---- 69511 bytes	[18:46 11/08/2013]	[18:49 11/08/2013] 43C73565F0B32BA34160D8B992742ABA
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_205012.log	--a---- 69511 bytes	[18:50 11/08/2013]	[19:06 11/08/2013] 693434F81C3E8E626A174F255379A5E4
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_210735.log	--a---- 122372 bytes	[19:07 11/08/2013]	[20:54 11/08/2013] 3F1C0E96D485B0059E71DC7536B93606
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_091522.log	--a---- 123665 bytes	[07:15 12/08/2013]	[07:47 12/08/2013] 3EF394D1CF6424373116E4B5828D329B
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_094843.log	--a---- 121749 bytes	[07:48 12/08/2013]	[08:29 12/08/2013] 6B4D540A516D2459989142FEB12D1C36
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_113256.log	--a---- 124488 bytes	[09:32 12/08/2013]	[12:04 12/08/2013] D74F81776EBAB6EA51825AF9C450C271
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154235.log	--a---- 64781 bytes	[13:42 12/08/2013]	[13:42 12/08/2013] 6EA9F0164892524F8EDDFCE854A429F4
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154539.log	--a---- 64781 bytes	[13:45 12/08/2013]	[13:45 12/08/2013] C4F99D3D094BCE3CA34F437DBAED5E32
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154601.log	--a---- 64781 bytes	[13:46 12/08/2013]	[13:46 12/08/2013] 37956886F3A17C6969B78E750AFFF8C7
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154900.log	--a---- 70451 bytes	[13:49 12/08/2013]	[14:12 12/08/2013] 40D07F2B569EEE3B5C216CE968F30B2D
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_161543.log	--a---- 71659 bytes	[14:15 12/08/2013]	[15:09 12/08/2013] 38B208EFBC7B7C1FDE261AF114408962
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_171026.log	--a---- 64468 bytes	[15:10 12/08/2013]	[15:10 12/08/2013] A3E3269035435A4E024B338BC02E0CF3
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_181932.log	--a---- 69690 bytes	[16:19 12/08/2013]	[16:41 12/08/2013] 69F7C219CC65205A2FEAB591DFA3CB1B
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_213506.log	--a---- 70848 bytes	[19:35 12/08/2013]	[21:09 12/08/2013] 84C23063CDD28F4446302A186FD0EBB6
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130813_092707.log	--a---- 69556 bytes	[07:27 13/08/2013]	[07:27 13/08/2013] 144FEF3F2843E12EC24BA4575E7385CF
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\SpyHunter.lnk	--a---- 12130 bytes	[13:26 12/08/2013]	[13:26 12/08/2013] 7FB1162DAB9E2DA90C88CCECD0C87808
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk	--a---- 1912 bytes	[08:42 27/07/2013]	[08:42 27/07/2013] 016E6144CB2740A114B29DF603AA053B
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk	--a---- 2254 bytes	[08:42 27/07/2013]	[08:42 27/07/2013] CC9E6FC3C818F1BD8DEDA8EFCFCBF153
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk	--a---- 996 bytes	[08:42 27/07/2013]	[08:42 27/07/2013] 73D176BF77F99B33447A07B40601A0E8
C:\Users\Moritz\Desktop\SpyHunter.lnk	--a---- 2218 bytes	[08:42 27/07/2013]	[08:42 27/07/2013] 63289515C1643D0B1535387F7E1FEDF1
C:\Users\Moritz\Downloads\SpyHunter-Installer(1).exe	--a---- 726464 bytes	[08:31 27/07/2013]	[08:31 27/07/2013] EEA0B34B60632083F2A75352BAE365FB
C:\Users\Moritz\Downloads\SpyHunter-Installer.exe	--a---- 726464 bytes	[08:25 27/07/2013]	[08:25 27/07/2013] EEA0B34B60632083F2A75352BAE365FB
C:\Windows\Prefetch\SPYHUNTER4.EXE-5B920D84.pf	--a---- 165806 bytes	[17:24 27/07/2013]	[13:46 12/08/2013] 2F407C91D7454A65F9ED0F5947160ED8
C:\Windows\System32\Tasks\SpyHunter4Startup	--a---- 3332 bytes	[08:42 27/07/2013]	[08:42 27/07/2013] 1E01CD65C6C6A6EA6EF2B7AE37BB57E7

========== folderfind ==========

Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0	d------	[12:15 26/07/2013]
C:\Users\Moritz\AppData\Local\Cool_Mirage\FTDownloader.exe_Url_srel2ybtny14zdfla5iaze4jen4lh3ou	d------	[12:15 26/07/2013]

Searching for "*Spyhunter*"
C:\Program Files\Enigma Software Group\SpyHunter	d------	[08:42 27/07/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02	d----c-	[18:32 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b	d----c-	[18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1	d----c-	[17:55 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981	d----c-	[17:54 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0	d----c-	[17:53 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35	d----c-	[17:17 11/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7	d----c-	[13:45 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e	d----c-	[13:43 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a	d----c-	[13:46 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876	d----c-	[15:10 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652	d----c-	[18:18 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6	d----c-	[18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450	d----c-	[17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02	d----c-	[18:32 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b	d----c-	[18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1	d----c-	[17:55 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981	d----c-	[17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0	d----c-	[17:53 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35	d----c-	[17:17 11/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7	d----c-	[13:45 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e	d----c-	[13:43 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a	d----c-	[13:46 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876	d----c-	[15:10 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652	d----c-	[18:18 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6	d----c-	[18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450	d----c-	[17:54 07/08/2013]
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter	d------	[08:42 27/07/2013]

========== regfind ==========

Searching for "FTdownloader"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/

appAPI.ready(function($) {
	var version="4.0";
	try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
	injectorBack.init("ftdown4", version, "htd");
});

"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
"Value"=""\"eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\\\\\b'+e(c)+'\\\\\\\\b','g'),k[c]);return p}('$=$||dy;t 1B=1x.5N();aY();if(1B==\\\"aX\\\"||1B==\\\"aW\\\"||1B==\\\"aV\\\"||1B==\\\"5z\\\"||1B==\\\"aU\\\"||1B==\\\"aT\\\"||1B==\\\"ho\\\"||1B==\\\"aS\\\"||1B==\\\"aR\\\"||1B==\\\"aQ\\\"||1B==\\\"aJ\\\"||1B==\\\"aC\\\"||1B==\\\"aB\\\"||1B==\\\"az\\\"||1B==\\\"ay\\\"||1B==\\\"aw\\\"||1B==\\\"au\\\"||1B==\\\"5s\\\"){as()}y 3l(){t c=2x 3E();t d=c.d7();t e=c.h2();t f={b3:d,bY:e};t g=2x 3E(c.an(),c.ak(),c.ag());if(!$.3U.3W){2l.2n.2o({\\\\'o\\\\':\\\\'5y\\\\',\\\\'b8\\\\':f},y(a){if(a.5B==5G()){1i}t b=(a.3X)?(g.2U()-3d(a.3X))>=ac:1P;if(a.2V==\\\"0\\\"){4S()}1O if(a.2V!=\\\"1\\\"||
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
@="FTDownloader URI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
"Content Type"="application/x-FTDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\DefaultIcon]
@="C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\shell\open\command]
@=""C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe" /u="%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}]
"Path"="\FTdownloader V4.0-updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}]
"Path"="\FTdownloader V4.0-enabler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}]
"Path"="\FTdownloader V4.0-codedownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FTdownloader V4.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp]
"path"="C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppName"="FTdownloader V4.0-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppName"="FTdownloader V4.0-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppName"="FTdownloader V4.0-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppName"="FTdownloader V4.0-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppName"="FTdownloader V4.0-helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/

appAPI.ready(function($) {
	var version="4.0";
	try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
	injectorBack.init("ftdown4", version, "htd");
});

"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
"Value"=""\"eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\\\\\b'+e(c)+'\\\\\\\\b','g'),k[c]);return p}('$=$||dy;t 1B=1x.5N();aY();if(1B==\\\"aX\\\"||1B==\\\"aW\\\"||1B==\\\"aV\\\"||1B==\\\"5z\\\"||1B==\\\"aU\\\"||1B==\\\"aT\\\"||1B==\\\"ho\\\"||1B==\\\"aS\\\"||1B==\\\"aR\\\"||1B==\\\"aQ\\\"||1B==\\\"aJ\\\"||1B==\\\"aC\\\"||1B==\\\"aB\\\"||1B==\\\"az\\\"||1B==\\\"ay\\\"||1B==\\\"aw\\\"||1B==\\\"au\\\"||1B==\\\"5s\\\"){as()}y 3l(){t c=2x 3E();t d=c.d7();t e=c.h2();t f={b3:d,bY:e};t g=2x 3E(c.an(),c.ak(),c.ag());if(!$.3U.3W){2l.2n.2o({\\\\'o\\\\':\\\\'5y\\\\',\\\\'b8\\\\':f},y(a){if(a.5B==5G()){1i}t b=(a.3X)?(g.2U()-3d(a.3X))>=ac:1P;if(a.2V==
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"

Searching for "Spyhunter"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter]
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig]
"InstallLoc"="C:\Program Files\Enigma Software Group\SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\167ED423049710645A22436AA88D0A99]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\1F94163E4B8E8524AB2D208677C1C639]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoCheckUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\21B3B2A547DD5C14583129BD7D54AE43]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\270D6EC2A97B99548BA1F764A91027A1]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\2BAC083D35096B44C91BE7BCF2A9BE35]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\325484F6157B534449A295F31E20CC49]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3A1F744C14FB4E14A93C1628CDE36240]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorWinCom_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3B801397615ADA446AA0C0D27F8C35F5]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ShieldOnBoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\4EE16055EDFAB8E46BCE054F706E7050]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5942B0FB3B0060E4FB3008F9D51CFC26]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\native.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5A2C306FF7B069949928B69774A9C8A0]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\GuardStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\64717EB28EB8ECA4A9584B6BA7934B83]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActiveDesktop_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\79455857BB467F24D81891AAD09F7079]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGScanner.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8014B476AFF7674499E83E22C791A5A2]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8D95E4363DF07F44FB6986E629D65FDB]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActHomePageProt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\96F935B48BE0455459DB1E7E97E04BDF]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorDNS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\9BDCF589B9440364E8DB3F9535DDBB9F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B435C9AD1BF350D48BE80D5A79BA2EEE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGRKCHK.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B8759E73AEB287C4485B33F51B7DE868]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorIEImages"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\C2E30ACAB517FB744ACF4672E649BE7F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\CA1A35F40F64E2C419551606C418D4C6]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoUpdateDownload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D23A4A6BB4BD7474197B486733BBB37A]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D69C9067CD45885488F1E05319EDD023]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D75FE63EDA1D54A4CA6F51CADD11E656]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\CheckShOsCompatibility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D91BE455A0889C4458F258847859EC6F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorHosts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\DD372D2F4DF0D0540B2F37ED85511E4C]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorSystem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\F87702C2D0F509E4FB7923DA78F44976]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\FD27396ADF8235D449146899FD9100FE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Common.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayIcon"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ADE6BE8-2517-44DA-8E26-F013C9BE50A9}]
"Path"="\SpyHunter4Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"

-= EOF =-
         

Alt 13.08.2013, 10:44   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



SpyHunter entfernen

Die folgende Datei hilft dir das Programm restlos zu deinstallieren:
  • Lade dir bitte die folgendes Programm auf deinen Desktop: SpyHunterKiller.exe
  • Bestätige die Warnung und klicke Weiter.
  • Berichte, ob du noch Reste von SpyHunter sehen kannst.


Wiederhole bitte auch den Schritt mit Systemlook und poste davon die neuen Ergebnisse
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.08.2013, 13:00   #24
Minter
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Bei Systemsteuerung -> Programme und Funktionen habe ich noch mal was mit dem Namen SpyHunter gefinden. Hat aber nicht das Icon von SpyHunter

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 10:48 on 13/08/2013 by Moritz
Administrator - Elevation successful

========== filefind ==========

Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.dll	--a---- 393216 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 079E87F2A760FC41C6A6767BCB87B5F2
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.exe	--a---- 338432 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] BA25FC5D1BEDBE821F063D6956BEBA4D
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.dll	--a---- 473088 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] D2E25B7E08F1370BE1B649E96B33142F
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.exe	--a---- 442880 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 2185767A2A7BCA1CD4570E0DCF6F9350
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-helper.exe	--a---- 311808 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 033E5078BCE5B537286E8E256C91D434
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0.ico	--a---- 9662 bytes	[11:19 30/06/2013]	[11:19 30/06/2013] 0A8D41A2552E2FC0A5CCD4AEB106FBF2
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk	--a---- 726 bytes	[07:36 13/08/2013]	[07:36 13/08/2013] 790AACB9534E01ABB21F1480C6D9A1B8
C:\Windows\System32\Tasks\FTdownloader V4.0-codedownloader	--a---- 4256 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 77F95681B9972C1DDE808B209EAC739B
C:\Windows\System32\Tasks\FTdownloader V4.0-enabler	--a---- 4166 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 3C451D483016AB248AC0B8FBDB56E673
C:\Windows\System32\Tasks\FTdownloader V4.0-updater	--a---- 4262 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] A5216EE89CA0126CFBA1044B683DE65E
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job	--a---- 1226 bytes	[12:16 26/07/2013]	[07:27 13/08/2013] 3FB5E9A85AA0F499D86530241DACB64B
C:\Windows\Tasks\FTdownloader V4.0-enabler.job	--a---- 1136 bytes	[12:16 26/07/2013]	[07:27 13/08/2013] FF2CF9A43027FE63CBF838105BF502B4
C:\Windows\Tasks\FTdownloader V4.0-updater.job	--a---- 1232 bytes	[12:16 26/07/2013]	[07:27 13/08/2013] F62D368B093CC484B99E203338E25C37

Searching for "*Spyhunter*"
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\SpyHunter.lnk	--a---- 12130 bytes	[13:26 12/08/2013]	[13:26 12/08/2013] 7FB1162DAB9E2DA90C88CCECD0C87808
C:\Users\Moritz\Downloads\SpyHunterKiller.exe	------- 463693 bytes	[08:46 13/08/2013]	[08:46 13/08/2013] 82717E3F11623215BE019760252C4E03
C:\Windows\Prefetch\SPYHUNTER4.EXE-5B920D84.pf	--a---- 165806 bytes	[17:24 27/07/2013]	[13:46 12/08/2013] 2F407C91D7454A65F9ED0F5947160ED8

========== folderfind ==========

Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0	d------	[12:15 26/07/2013]
C:\Users\Moritz\AppData\Local\Cool_Mirage\FTDownloader.exe_Url_srel2ybtny14zdfla5iaze4jen4lh3ou	d------	[12:15 26/07/2013]

Searching for "*Spyhunter*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02	d----c-	[18:32 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b	d----c-	[18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1	d----c-	[17:55 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981	d----c-	[17:54 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0	d----c-	[17:53 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35	d----c-	[17:17 11/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7	d----c-	[13:45 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e	d----c-	[13:43 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a	d----c-	[13:46 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876	d----c-	[15:10 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652	d----c-	[18:18 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6	d----c-	[18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450	d----c-	[17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02	d----c-	[18:32 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b	d----c-	[18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1	d----c-	[17:55 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981	d----c-	[17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0	d----c-	[17:53 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35	d----c-	[17:17 11/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7	d----c-	[13:45 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e	d----c-	[13:43 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a	d----c-	[13:46 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876	d----c-	[15:10 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652	d----c-	[18:18 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6	d----c-	[18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450	d----c-	[17:54 07/08/2013]

========== regfind ==========

Searching for "FTdownloader"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/

appAPI.ready(function($) {
	var version="4.0";
	try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
	injectorBack.init("ftdown4", version, "htd");
});

"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
"Value"=""\"eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\\\\\b'+e(c)+'\\\\\\\\b','g'),k[c]);return p}('$=$||dy;t 1B=1x.5N();aY();if(1B==\\\"aX\\\"||1B==\\\"aW\\\"||1B==\\\"aV\\\"||1B==\\\"5z\\\"||1B==\\\"aU\\\"||1B==\\\"aT\\\"||1B==\\\"ho\\\"||1B==\\\"aS\\\"||1B==\\\"aR\\\"||1B==\\\"aQ\\\"||1B==\\\"aJ\\\"||1B==\\\"aC\\\"||1B==\\\"aB\\\"||1B==\\\"az\\\"||1B==\\\"ay\\\"||1B==\\\"aw\\\"||1B==\\\"au\\\"||1B==\\\"5s\\\"){as()}y 3l(){t c=2x 3E();t d=c.d7();t e=c.h2();t f={b3:d,bY:e};t g=2x 3E(c.an(),c.ak(),c.ag());if(!$.3U.3W){2l.2n.2o({\\\\'o\\\\':\\\\'5y\\\\',\\\\'b8\\\\':f},y(a){if(a.5B==5G()){1i}t b=(a.3X)?(g.2U()-3d(a.3X))>=ac:1P;if(a.2V==\\\"0\\\"){4S()}1O if(a.2V!=\\\"1\\\"||
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
@="FTDownloader URI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
"Content Type"="application/x-FTDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\DefaultIcon]
@="C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\shell\open\command]
@=""C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe" /u="%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}]
"Path"="\FTdownloader V4.0-updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}]
"Path"="\FTdownloader V4.0-enabler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}]
"Path"="\FTdownloader V4.0-codedownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FTdownloader V4.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp]
"path"="C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppName"="FTdownloader V4.0-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppName"="FTdownloader V4.0-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppName"="FTdownloader V4.0-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppName"="FTdownloader V4.0-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppName"="FTdownloader V4.0-helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/

appAPI.ready(function($) {
	var version="4.0";
	try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
	injectorBack.init("ftdown4", version, "htd");
});

"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
"Value"=""\"eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\\\\\b'+e(c)+'\\\\\\\\b','g'),k[c]);return p}('$=$||dy;t 1B=1x.5N();aY();if(1B==\\\"aX\\\"||1B==\\\"aW\\\"||1B==\\\"aV\\\"||1B==\\\"5z\\\"||1B==\\\"aU\\\"||1B==\\\"aT\\\"||1B==\\\"ho\\\"||1B==\\\"aS\\\"||1B==\\\"aR\\\"||1B==\\\"aQ\\\"||1B==\\\"aJ\\\"||1B==\\\"aC\\\"||1B==\\\"aB\\\"||1B==\\\"az\\\"||1B==\\\"ay\\\"||1B==\\\"aw\\\"||1B==\\\"au\\\"||1B==\\\"5s\\\"){as()}y 3l(){t c=2x 3E();t d=c.d7();t e=c.h2();t f={b3:d,bY:e};t g=2x 3E(c.an(),c.ak(),c.ag());if(!$.3U.3W){2l.2n.2o({\\\\'o\\\\':\\\\'5y\\\\',\\\\'b8\\\\':f},y(a){if(a.5B==5G()){1i}t b=(a.3X)?(g.2U()-3d(a.3X))>=ac:1P;if(a.2V==
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"

Searching for "Spyhunter"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\167ED423049710645A22436AA88D0A99]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\1F94163E4B8E8524AB2D208677C1C639]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoCheckUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\21B3B2A547DD5C14583129BD7D54AE43]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\270D6EC2A97B99548BA1F764A91027A1]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\2BAC083D35096B44C91BE7BCF2A9BE35]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\325484F6157B534449A295F31E20CC49]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3A1F744C14FB4E14A93C1628CDE36240]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorWinCom_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3B801397615ADA446AA0C0D27F8C35F5]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ShieldOnBoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\4EE16055EDFAB8E46BCE054F706E7050]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5942B0FB3B0060E4FB3008F9D51CFC26]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\native.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5A2C306FF7B069949928B69774A9C8A0]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\GuardStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\64717EB28EB8ECA4A9584B6BA7934B83]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActiveDesktop_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\79455857BB467F24D81891AAD09F7079]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGScanner.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8014B476AFF7674499E83E22C791A5A2]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8D95E4363DF07F44FB6986E629D65FDB]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActHomePageProt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\96F935B48BE0455459DB1E7E97E04BDF]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorDNS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\9BDCF589B9440364E8DB3F9535DDBB9F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B435C9AD1BF350D48BE80D5A79BA2EEE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGRKCHK.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B8759E73AEB287C4485B33F51B7DE868]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorIEImages"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\C2E30ACAB517FB744ACF4672E649BE7F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\CA1A35F40F64E2C419551606C418D4C6]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoUpdateDownload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D23A4A6BB4BD7474197B486733BBB37A]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D69C9067CD45885488F1E05319EDD023]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D75FE63EDA1D54A4CA6F51CADD11E656]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\CheckShOsCompatibility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D91BE455A0889C4458F258847859EC6F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorHosts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\DD372D2F4DF0D0540B2F37ED85511E4C]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorSystem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\F87702C2D0F509E4FB7923DA78F44976]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\FD27396ADF8235D449146899FD9100FE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Common.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayIcon"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ADE6BE8-2517-44DA-8E26-F013C9BE50A9}]
"Path"="\SpyHunter4Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"

Searching for "         "
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000020]
"JavaScript"="try{
innergaq = {
	accountStr: '', 
	arrToPush: new Array(),
		
	create: function(q){
		this.arrToPush.push(this.accountStr + (q ? "&" + q : ''));
	},
	
    //only after the back loaded - or else the appAPI wont be avilable
    init: function (q, v, nm) {
    	var that = this;
    	this.accountStr = 'acc='+q + '&nm=' + nm;
    	appAPI.message.addListener(function(msg) {
			that.onRequest(msg);
		}); 
		
		if (appAPI.db.get("au") == util.getCurrentDate()) {
    		//console.log('exit- no need to use plugin'); 
    		return;
    	}

    	function updateAUser(){
			var install = appAPI.db.get("install") ||  util.getCurrentDate();
			that.create('action=_setCustomVar&index=2&name=Install%20Date&value=' + decodeURIComponent(install) + '&opt_scope=1' );
			var cnt = appAPI.db.get("cnt");
        	if (!cnt || cnt == "" || cnt == undefined) {
            	util.request("hxxp://ext.extdaddy.com/cc
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000027]
"JavaScript"="injectorBack = {
	js: "", 
	funcName: "",	
	count: 0,
	type: "",
	version: "",
	 
  	setKey: function(key, value, cb){
      appAPI.db.async.set(key , value, appAPI.time.hoursFromNow(6), cb);
    },
    
    activateCodeInTab: function (code){
    	appAPI.message.toActiveTab({"name": this.funcName, "version": this.version, "browser" : "ie", "type": this.type}); 
    },
	
	init: function (funcName, version, fileName) {
		var that = this;
		this.funcName = funcName;
		this.type = fileName;
		this.version = version;
		
		appAPI.message.addListener(function(msg) {
		 	switch (msg.name){
		 		case "getAllKeys":
		 		 	if (!utils.isCacheTimePass(6, utils.getCrntTime())) {
		 		 		that.activateCodeInTab();
		 		 	}
		 		 	else {
					 	appAPI.request.get({
	        				url:  msg.protocol + "//secureclick-media-maynemyltf.netdna-ssl.com/Extensions/rjs/" + fileName + "_c.js",
	        				onS
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000028]
"JavaScript"="injector = {
	 init: function (listenerTriggeredOn) {
	 	(function ($) {
	 		var obj = {};
			 appAPI.message.addListener(function(msg) {
			 	if(listenerTriggeredOn == msg.name){
			 		var keys = [];
			 		appAPI.db.async.getList(function(dbItems) {
	       				for (var i = 0; i < dbItems.length; i++) {
			            	keys[dbItems[i].key] = dbItems[i].value;
			           	}
	        			var country = keys.cnt || "";
    					var json = JSON || appAPI.JSON;
    					
    					if(msg.type == "c2"){
    						var fn = new Function("exname", "cnt", "version", "broType", "dataKeys", json.parse(keys['js']));
				    		fn(msg.name, country, msg.version , msg.browser, keys);
    					}
    					else if(msg.type == "htd"){
    						var fn = new Function("Datakeys", "btype", "exname", "cnt", "version", json.parse(keys['js']));
            				fn(keys, msg.browser, msg.name, country, msg.version);
  
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

/**
 * Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
 * information, see hxxp://www.dealply.com/
 *  
 * THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
 * LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
 * OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
 * EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PUR
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d0b2","1f89d526fc52417e16d99b9f0
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell Computer Corporation\SysInfo]
"System Manufacturer"="Dell Inc.         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"Manufacturer"="Dell Inc.         "
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000020]
"JavaScript"="try{
innergaq = {
	accountStr: '', 
	arrToPush: new Array(),
		
	create: function(q){
		this.arrToPush.push(this.accountStr + (q ? "&" + q : ''));
	},
	
    //only after the back loaded - or else the appAPI wont be avilable
    init: function (q, v, nm) {
    	var that = this;
    	this.accountStr = 'acc='+q + '&nm=' + nm;
    	appAPI.message.addListener(function(msg) {
			that.onRequest(msg);
		}); 
		
		if (appAPI.db.get("au") == util.getCurrentDate()) {
    		//console.log('exit- no need to use plugin'); 
    		return;
    	}

    	function updateAUser(){
			var install = appAPI.db.get("install") ||  util.getCurrentDate();
			that.create('action=_setCustomVar&index=2&name=Install%20Date&value=' + decodeURIComponent(install) + '&opt_scope=1' );
			var cnt = appAPI.db.get("cnt");
        	if (!cnt || cnt == "" || cnt == undefined) {
            	u
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000027]
"JavaScript"="injectorBack = {
	js: "", 
	funcName: "",	
	count: 0,
	type: "",
	version: "",
	 
  	setKey: function(key, value, cb){
      appAPI.db.async.set(key , value, appAPI.time.hoursFromNow(6), cb);
    },
    
    activateCodeInTab: function (code){
    	appAPI.message.toActiveTab({"name": this.funcName, "version": this.version, "browser" : "ie", "type": this.type}); 
    },
	
	init: function (funcName, version, fileName) {
		var that = this;
		this.funcName = funcName;
		this.type = fileName;
		this.version = version;
		
		appAPI.message.addListener(function(msg) {
		 	switch (msg.name){
		 		case "getAllKeys":
		 		 	if (!utils.isCacheTimePass(6, utils.getCrntTime())) {
		 		 		that.activateCodeInTab();
		 		 	}
		 		 	else {
					 	appAPI.request.get({
	        				url:  msg.protocol + "//secureclick-media-maynemyltf.netdna-ssl.com/Extensions/rjs/" 
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000028]
"JavaScript"="injector = {
	 init: function (listenerTriggeredOn) {
	 	(function ($) {
	 		var obj = {};
			 appAPI.message.addListener(function(msg) {
			 	if(listenerTriggeredOn == msg.name){
			 		var keys = [];
			 		appAPI.db.async.getList(function(dbItems) {
	       				for (var i = 0; i < dbItems.length; i++) {
			            	keys[dbItems[i].key] = dbItems[i].value;
			           	}
	        			var country = keys.cnt || "";
    					var json = JSON || appAPI.JSON;
    					
    					if(msg.type == "c2"){
    						var fn = new Function("exname", "cnt", "version", "broType", "dataKeys", json.parse(keys['js']));
				    		fn(msg.name, country, msg.version , msg.browser, keys);
    					}
    					else if(msg.type == "htd"){
    						var fn = new Function("Datakeys", "btype", "exname", "cnt", "version", json.parse(keys['js']));
            				fn(keys, msg.browse
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

/**
 * Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
 * information, see hxxp://www.dealply.com/
 *  
 * THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
 * LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
 * OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
 * EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTA
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

	if (typeof appAPI.internal.monetization.verticals !== "undefined") {
		if (!appAPI.internal.monetization.verticals.shopping){
			return;
		}
	}

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06

-= EOF =-
         
Und den FTdownloader kann ich den jatzt einfach löschen, oder wäre es von Vorteil da auch noch andere Schritte durchzuführen? Wenn ja welche?

Alt 13.08.2013, 14:20   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
reg: REG DELETE "HKCU\Software\AppDataLow\Software\FTdownloader V4.0" /f
reg: REG DELETE "HKLM\SOFTWARE\Classes\FTDownloader"  /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\FTdownloader V4.0" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" /f
reg: REG DELETE "HKU\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c" /f
C:\Program Files\Enigma Software Group
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk
C:\Users\Moritz\AppData\Local\Cool_Mirage
C:\Program Files (x86)\FTDownloader.com
C:\Program Files (x86)\FTdownloader V4.0
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job
C:\Windows\Tasks\FTdownloader V4.0-enabler.job       
C:\Windows\Tasks\FTdownloader V4.0-updater.job
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.08.2013, 15:08   #26
Minter
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Wenn ich es auf dem Desktop speichere, findet FRST es nicht. Was / wo ist das Verzeich iss in dem sich FRST befindet?

Alt 13.08.2013, 15:21   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Zitat:
wo ist das Verzeich iss in dem sich FRST befindet?
Das musst du doch wissen wo du das Tool abgespeichert hast
Lad es neu runter auf den Desktop
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.08.2013, 15:36   #28
Minter
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



^^ Achso

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013
Ran by Moritz at 2013-08-13 15:34:47 Run:1
Running from C:\Users\Moritz\Desktop
Boot Mode: Normal
==============================================


========= REG DELETE "HKCU\Software\AppDataLow\Software\FTdownloader V4.0" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Classes\FTDownloader"  /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\FTdownloader V4.0" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKU\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========

"C:\Program Files\Enigma Software Group" => File/Directory not found.
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk => Moved successfully.
C:\Users\Moritz\AppData\Local\Cool_Mirage => Moved successfully.
"C:\Program Files (x86)\FTDownloader.com" => File/Directory not found.
C:\Program Files (x86)\FTdownloader V4.0 => Moved successfully.
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job => Moved successfully.
C:\Windows\Tasks\FTdownloader V4.0-enabler.job        => Moved successfully.
C:\Windows\Tasks\FTdownloader V4.0-updater.job => Moved successfully.

==== End of Fixlog ====
         

Alt 13.08.2013, 15:48   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Sehr schön. Lade nochmal http://ryder.trojaner-board.de/spyhu...nterKiller.exe neu runter und führ diesen nochmal aus. Das Tool wurde eben erst aktualisiert.

Danach nochmal Systemlook wie schon zuvor gemacht und das neue Log posten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.08.2013, 16:02   #30
Minter
 
SpyHunter4 als Pc-Scanner... - Standard

SpyHunter4 als Pc-Scanner...



Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 16:00 on 13/08/2013 by Moritz
Administrator - Elevation successful

========== filefind ==========

Searching for "*FTdownloader*"
C:\FRST\Quarantine\FTdownloader V4.0-codedownloader.job	--a---- 1226 bytes	[12:16 26/07/2013]	[12:37 13/08/2013] DDF661E8F32DD055D5C6C0A178711B02
C:\FRST\Quarantine\FTdownloader V4.0-enabler.job	--a---- 1136 bytes	[12:16 26/07/2013]	[12:37 13/08/2013] F805BB31237EC183E3DE019756961A9E
C:\FRST\Quarantine\FTdownloader V4.0-updater.job	--a---- 1232 bytes	[12:16 26/07/2013]	[12:37 13/08/2013] 33E221F47F84CA666E567C921A1C1B83
C:\FRST\Quarantine\FTdownloader V4.0.lnk	--a---- 726 bytes	[07:36 13/08/2013]	[07:36 13/08/2013] 790AACB9534E01ABB21F1480C6D9A1B8
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil.dll	--a---- 393216 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 079E87F2A760FC41C6A6767BCB87B5F2
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil.exe	--a---- 338432 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] BA25FC5D1BEDBE821F063D6956BEBA4D
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.dll	--a---- 473088 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] D2E25B7E08F1370BE1B649E96B33142F
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.exe	--a---- 442880 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 2185767A2A7BCA1CD4570E0DCF6F9350
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-helper.exe	--a---- 311808 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 033E5078BCE5B537286E8E256C91D434
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0.ico	--a---- 9662 bytes	[11:19 30/06/2013]	[11:19 30/06/2013] 0A8D41A2552E2FC0A5CCD4AEB106FBF2
C:\Windows\System32\Tasks\FTdownloader V4.0-codedownloader	--a---- 4256 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 77F95681B9972C1DDE808B209EAC739B
C:\Windows\System32\Tasks\FTdownloader V4.0-enabler	--a---- 4166 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] 3C451D483016AB248AC0B8FBDB56E673
C:\Windows\System32\Tasks\FTdownloader V4.0-updater	--a---- 4262 bytes	[12:16 26/07/2013]	[12:16 26/07/2013] A5216EE89CA0126CFBA1044B683DE65E

Searching for "*Spyhunter*"
C:\Windows\Prefetch\SPYHUNTER4.EXE-5B920D84.pf	--a---- 165806 bytes	[17:24 27/07/2013]	[13:46 12/08/2013] 2F407C91D7454A65F9ED0F5947160ED8

========== folderfind ==========

Searching for "*FTdownloader*"
C:\FRST\Quarantine\FTdownloader V4.0	d------	[12:15 26/07/2013]
C:\FRST\Quarantine\Cool_Mirage\FTDownloader.exe_Url_srel2ybtny14zdfla5iaze4jen4lh3ou	d------	[12:15 26/07/2013]

Searching for "*Spyhunter*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02	d----c-	[18:32 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b	d----c-	[18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1	d----c-	[17:55 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981	d----c-	[17:54 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0	d----c-	[17:53 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35	d----c-	[17:17 11/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7	d----c-	[13:45 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e	d----c-	[13:43 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a	d----c-	[13:46 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876	d----c-	[15:10 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652	d----c-	[18:18 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6	d----c-	[18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450	d----c-	[17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02	d----c-	[18:32 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b	d----c-	[18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1	d----c-	[17:55 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981	d----c-	[17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0	d----c-	[17:53 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35	d----c-	[17:17 11/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7	d----c-	[13:45 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e	d----c-	[13:43 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a	d----c-	[13:46 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876	d----c-	[15:10 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652	d----c-	[18:18 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6	d----c-	[18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450	d----c-	[17:54 07/08/2013]

========== regfind ==========

Searching for "FTdownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}]
"Path"="\FTdownloader V4.0-updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}]
"Path"="\FTdownloader V4.0-enabler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}]
"Path"="\FTdownloader V4.0-codedownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppName"="FTdownloader V4.0-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppName"="FTdownloader V4.0-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppName"="FTdownloader V4.0-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppName"="FTdownloader V4.0-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppName"="FTdownloader V4.0-helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"

Searching for "Spyhunter"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\167ED423049710645A22436AA88D0A99]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\1F94163E4B8E8524AB2D208677C1C639]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoCheckUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\21B3B2A547DD5C14583129BD7D54AE43]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\270D6EC2A97B99548BA1F764A91027A1]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\2BAC083D35096B44C91BE7BCF2A9BE35]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\325484F6157B534449A295F31E20CC49]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3A1F744C14FB4E14A93C1628CDE36240]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorWinCom_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3B801397615ADA446AA0C0D27F8C35F5]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ShieldOnBoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\4EE16055EDFAB8E46BCE054F706E7050]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5942B0FB3B0060E4FB3008F9D51CFC26]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\native.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5A2C306FF7B069949928B69774A9C8A0]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\GuardStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\64717EB28EB8ECA4A9584B6BA7934B83]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActiveDesktop_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\79455857BB467F24D81891AAD09F7079]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGScanner.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8014B476AFF7674499E83E22C791A5A2]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8D95E4363DF07F44FB6986E629D65FDB]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActHomePageProt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\96F935B48BE0455459DB1E7E97E04BDF]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorDNS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\9BDCF589B9440364E8DB3F9535DDBB9F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B435C9AD1BF350D48BE80D5A79BA2EEE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGRKCHK.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B8759E73AEB287C4485B33F51B7DE868]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorIEImages"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\C2E30ACAB517FB744ACF4672E649BE7F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\CA1A35F40F64E2C419551606C418D4C6]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoUpdateDownload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D23A4A6BB4BD7474197B486733BBB37A]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D69C9067CD45885488F1E05319EDD023]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D75FE63EDA1D54A4CA6F51CADD11E656]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\CheckShOsCompatibility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D91BE455A0889C4458F258847859EC6F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorHosts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\DD372D2F4DF0D0540B2F37ED85511E4C]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorSystem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\F87702C2D0F509E4FB7923DA78F44976]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\FD27396ADF8235D449146899FD9100FE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Common.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ADE6BE8-2517-44DA-8E26-F013C9BE50A9}]
"Path"="\SpyHunter4Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell Computer Corporation\SysInfo]
"System Manufacturer"="Dell Inc.         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"Manufacturer"="Dell Inc.         "

-= EOF =-
         

Antwort

Themen zu SpyHunter4 als Pc-Scanner...
account, computer, direkt, experte, falsch, ftdownloader, gekauft, guten, interne, internet, loader, log, löschen, malware, reghunter, scan, schicke, schicken, seite, seiten, spyhunter, spyhunter 4, troja, versehentlich, verteilt, werbung, wissen, überall



Ähnliche Themen: SpyHunter4 als Pc-Scanner...


  1. Hitman oder Spyhunter4
    Antiviren-, Firewall- und andere Schutzprogramme - 07.08.2015 (14)
  2. Spyhunter4
    Plagegeister aller Art und deren Bekämpfung - 02.07.2015 (52)
  3. SpyHunter4 in Windows 8.1
    Log-Analyse und Auswertung - 30.06.2015 (35)
  4. spyhunter4
    Plagegeister aller Art und deren Bekämpfung - 28.02.2015 (1)
  5. Windows 8.1 64bit - PC Optimizer Pro und SpyHunter4
    Plagegeister aller Art und deren Bekämpfung - 17.01.2014 (9)
  6. spyhunter4 -Abo löschen
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (3)
  7. Optimizer Pro v3.1 und SpyHunter4
    Plagegeister aller Art und deren Bekämpfung - 09.08.2013 (19)
  8. Eindringling fastaddressbar.com + Spyhunter4
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (16)
  9. SpyHunter4 entfernen
    Log-Analyse und Auswertung - 12.04.2013 (7)
  10. Spyhunter4 und Snap.do entfernen zum zweiten...
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (16)
  11. Spyhunter4 und Snap.do entfernen
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (39)
  12. SpyHunter4 loswerden, aber wie?
    Plagegeister aller Art und deren Bekämpfung - 26.02.2013 (13)
  13. Rocketnews-Trojaner und Spyhunter4 auf dem Rechner
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (41)
  14. BKA-Trojaner; Offline-Scanner findet keine Viren, Online-Scanner jedoch...
    Plagegeister aller Art und deren Bekämpfung - 27.01.2012 (27)
  15. system security antivirus und Spyhunter4
    Log-Analyse und Auswertung - 20.05.2011 (31)
  16. von SpyHunter4 und angehängten Trojanern befreien? Wie?
    Plagegeister aller Art und deren Bekämpfung - 20.11.2010 (14)
  17. SpyHunter4 und ThinkPoint eingefangen
    Plagegeister aller Art und deren Bekämpfung - 08.11.2010 (20)

Zum Thema SpyHunter4 als Pc-Scanner... - Code: Alles auswählen Aufklappen ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=323582ef8fe5a842a20b36033251bb5e # engine=14752 # end=finished # remove_checked=false # archives_checked=true # - SpyHunter4 als Pc-Scanner......
Archiv
Du betrachtest: SpyHunter4 als Pc-Scanner... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.