Posts posted by SMalik
-
-
Revised Entry
[Snagit *]
LangSecRef=3021
Detect=HKCU\Software\TechSmith\Snagit
Warning=This will delete the backups of the captures.
FileKey1=%CommonAppData%\TechSmith\Uploader|*.log
FileKey2=%Documents%|SnagitDebug.log
FileKey3=%LocalAppData%\TechSmith\Logs|*.log
FileKey4=%LocalAppData%\TechSmith\Snagit|Tray.bin
FileKey5=%LocalAppData%\TechSmith\Snagit\CrashDumps|*.*|RECURSE
FileKey6=%LocalAppData%\TechSmith\Snagit\DataStore\AppIcons|*.ico
FileKey7=%LocalAppData%\TechSmith\Snagit\DataStore\WebSiteIcons|*.ico
FileKey8=%LocalAppData%\TechSmith\Snagit\Thumbnails|*.*|RECURSE
FileKey9=%LocalAppData%\TechSmith\Snagit\TrackerbirdFiles|*.log;*.logtmp
RegKey1=HKCU\Software\TechSmith\Snagit\9|StampCustomFolder
RegKey2=HKCU\Software\TechSmith\Snagit\10|StampCustomFolder
RegKey3=HKCU\Software\TechSmith\Snagit\11|CaptureCount
RegKey4=HKCU\Software\TechSmith\Snagit\11|CaptureOpenCount
RegKey5=HKCU\Software\TechSmith\Snagit\11|OutputDirLastUsed
RegKey6=HKCU\Software\TechSmith\Snagit\11|VidOutputDirLastUsed
RegKey7=HKCU\Software\TechSmith\Snagit\11\SnagItEditor\Tray|Thumbnailsize
RegKey8=HKCU\Software\TechSmith\Snagit\12|CaptureCount
RegKey9=HKCU\Software\TechSmith\Snagit\12|CaptureOpenCount
RegKey10=HKCU\Software\TechSmith\Snagit\12|OutputDirLastUsed
RegKey11=HKCU\Software\TechSmith\Snagit\12|VidOutputDirLastUsed
RegKey12=HKCU\Software\TechSmith\Snagit\12\SnagItEditor\Tray|Thumbnailsize
RegKey13=HKCU\Software\TechSmith\Snagit\13|CaptureCount
RegKey14=HKCU\Software\TechSmith\Snagit\13|CaptureOpenCount
RegKey15=HKCU\Software\TechSmith\Snagit\13|OutputDirLastUsed
RegKey16=HKCU\Software\TechSmith\Snagit\13|VidOutputDirLastUsed
RegKey17=HKCU\Software\TechSmith\Snagit\13\Recent Captures
RegKey18=HKCU\Software\TechSmith\Snagit\13\SnagitEditor\Recent File List
RegKey19=HKCU\Software\TechSmith\Snagit\13\SnagItEditor\Tray|Thumbnailsize
RegKey20=HKCU\Software\TechSmith\Snagit\18|CaptureCount
RegKey21=HKCU\Software\TechSmith\Snagit\18|CaptureOpenCount
RegKey22=HKCU\Software\TechSmith\Snagit\18|OutputDirLastUsed
RegKey23=HKCU\Software\TechSmith\Snagit\18|VidOutputDirLastUsed
RegKey24=HKCU\Software\TechSmith\Snagit\18\Recent Captures
RegKey25=HKCU\Software\TechSmith\Snagit\18\SnagitEditor\Recent File List
RegKey26=HKCU\Software\TechSmith\Snagit\18\SnagItEditor\Tray|Thumbnailsize
RegKey27=HKCU\Software\TechSmith\Snagit\19|CaptureCount
RegKey28=HKCU\Software\TechSmith\Snagit\19|CaptureOpenCount
RegKey29=HKCU\Software\TechSmith\Snagit\19|OutputDirLastUsed
RegKey30=HKCU\Software\TechSmith\Snagit\19|VidOutputDirLastUsed
RegKey31=HKCU\Software\TechSmith\Snagit\19\Recent Captures
RegKey32=HKCU\Software\TechSmith\Snagit\19\SnagitEditor\Recent File List
RegKey33=HKCU\Software\TechSmith\Snagit\19\SnagItEditor\Tray|Thumbnailsize
RegKey34=HKCU\Software\TechSmith\Snagit\20|CaptureCount
RegKey35=HKCU\Software\TechSmith\Snagit\20|CaptureOpenCount
RegKey36=HKCU\Software\TechSmith\Snagit\20|OutputDirLastUsed
RegKey37=HKCU\Software\TechSmith\Snagit\20|VidOutputDirLastUsed
RegKey38=HKCU\Software\TechSmith\Snagit\20\Recent Captures
RegKey39=HKCU\Software\TechSmith\Snagit\20\SnagitEditor\Recent File List
RegKey40=HKCU\Software\TechSmith\Snagit\20\SnagItEditor\Tray|Thumbnailsize
RegKey41=HKCU\Software\TechSmith\Snagit\21|CaptureCount
RegKey42=HKCU\Software\TechSmith\Snagit\21|CaptureOpenCount
RegKey43=HKCU\Software\TechSmith\Snagit\21|OutputDirLastUsed
RegKey44=HKCU\Software\TechSmith\Snagit\21|VidOutputDirLastUsed
RegKey45=HKCU\Software\TechSmith\Snagit\21\Recent Captures
RegKey46=HKCU\Software\TechSmith\Snagit\21\SnagitEditor\Recent File List
RegKey47=HKCU\Software\TechSmith\Snagit\21\SnagItEditor\Tray|Thumbnailsize
RegKey48=HKCU\Software\TechSmith\Snagit\Stamps|StampCustomFolder
Removed:
%AppData%\TechSmith\Snagit *\Identity|*.*
Sign in file
%LocalAppData%\TechSmith\Snagit\DataStore|*.SNAG;*.SNAGundo;*.MP4
*.SNAG and *.MP4 are Snagit Editor Library files
*.SNAGundo are unsaved files
https://support.techsmith.com/hc/en-us/community/posts/360071706912-Can-I-delete-files-on-my-pc-with-the-Snagit-file-type-snagundo-without-losing-any-data-
Added:
Support for Snagit 2021
-
Revised Entry
[Snagit *]
LangSecRef=3021
Detect=HKCU\Software\TechSmith\Snagit
Warning=This will delete the backups of the captures.
FileKey1=%CommonAppData%\TechSmith\Uploader|*.log
FileKey2=%Documents%|SnagitDebug.log
FileKey3=%LocalAppData%\TechSmith\Logs|*.log
FileKey4=%LocalAppData%\TechSmith\Snagit|Tray.bin
FileKey5=%LocalAppData%\TechSmith\Snagit\CrashDumps|*.*|RECURSE
FileKey6=%LocalAppData%\TechSmith\Snagit\DataStore|*.SNAGundo
FileKey7=%LocalAppData%\TechSmith\Snagit\DataStore\AppIcons|*.ico
FileKey8=%LocalAppData%\TechSmith\Snagit\DataStore\WebSiteIcons|*.ico
FileKey9=%LocalAppData%\TechSmith\Snagit\Thumbnails|*.*|RECURSE
FileKey10=%LocalAppData%\TechSmith\Snagit\TrackerbirdFiles|*.log;*.logtmp
RegKey1=HKCU\Software\TechSmith\Snagit\9|StampCustomFolder
RegKey2=HKCU\Software\TechSmith\Snagit\10|StampCustomFolder
RegKey3=HKCU\Software\TechSmith\Snagit\11|CaptureCount
RegKey4=HKCU\Software\TechSmith\Snagit\11|CaptureOpenCount
RegKey5=HKCU\Software\TechSmith\Snagit\11|OutputDirLastUsed
RegKey6=HKCU\Software\TechSmith\Snagit\11|VidOutputDirLastUsed
RegKey7=HKCU\Software\TechSmith\Snagit\11\SnagItEditor\Tray|Thumbnailsize
RegKey8=HKCU\Software\TechSmith\Snagit\12|CaptureCount
RegKey9=HKCU\Software\TechSmith\Snagit\12|CaptureOpenCount
RegKey10=HKCU\Software\TechSmith\Snagit\12|OutputDirLastUsed
RegKey11=HKCU\Software\TechSmith\Snagit\12|VidOutputDirLastUsed
RegKey12=HKCU\Software\TechSmith\Snagit\12\SnagItEditor\Tray|Thumbnailsize
RegKey13=HKCU\Software\TechSmith\Snagit\13|CaptureCount
RegKey14=HKCU\Software\TechSmith\Snagit\13|CaptureOpenCount
RegKey15=HKCU\Software\TechSmith\Snagit\13|OutputDirLastUsed
RegKey16=HKCU\Software\TechSmith\Snagit\13|VidOutputDirLastUsed
RegKey17=HKCU\Software\TechSmith\Snagit\13\Recent Captures
RegKey18=HKCU\Software\TechSmith\Snagit\13\SnagitEditor\Recent File List
RegKey19=HKCU\Software\TechSmith\Snagit\13\SnagItEditor\Tray|Thumbnailsize
RegKey20=HKCU\Software\TechSmith\Snagit\18|CaptureCount
RegKey21=HKCU\Software\TechSmith\Snagit\18|CaptureOpenCount
RegKey22=HKCU\Software\TechSmith\Snagit\18|OutputDirLastUsed
RegKey23=HKCU\Software\TechSmith\Snagit\18|VidOutputDirLastUsed
RegKey24=HKCU\Software\TechSmith\Snagit\18\Recent Captures
RegKey25=HKCU\Software\TechSmith\Snagit\18\SnagitEditor\Recent File List
RegKey26=HKCU\Software\TechSmith\Snagit\18\SnagItEditor\Tray|Thumbnailsize
RegKey27=HKCU\Software\TechSmith\Snagit\19|CaptureCount
RegKey28=HKCU\Software\TechSmith\Snagit\19|CaptureOpenCount
RegKey29=HKCU\Software\TechSmith\Snagit\19|OutputDirLastUsed
RegKey30=HKCU\Software\TechSmith\Snagit\19|VidOutputDirLastUsed
RegKey31=HKCU\Software\TechSmith\Snagit\19\Recent Captures
RegKey32=HKCU\Software\TechSmith\Snagit\19\SnagitEditor\Recent File List
RegKey33=HKCU\Software\TechSmith\Snagit\19\SnagItEditor\Tray|Thumbnailsize
RegKey34=HKCU\Software\TechSmith\Snagit\20|CaptureCount
RegKey35=HKCU\Software\TechSmith\Snagit\20|CaptureOpenCount
RegKey36=HKCU\Software\TechSmith\Snagit\20|OutputDirLastUsed
RegKey37=HKCU\Software\TechSmith\Snagit\20|VidOutputDirLastUsed
RegKey38=HKCU\Software\TechSmith\Snagit\20\Recent Captures
RegKey39=HKCU\Software\TechSmith\Snagit\20\SnagitEditor\Recent File List
RegKey40=HKCU\Software\TechSmith\Snagit\20\SnagItEditor\Tray|Thumbnailsize
RegKey41=HKCU\Software\TechSmith\Snagit\21|CaptureCount
RegKey42=HKCU\Software\TechSmith\Snagit\21|CaptureOpenCount
RegKey43=HKCU\Software\TechSmith\Snagit\21|OutputDirLastUsed
RegKey44=HKCU\Software\TechSmith\Snagit\21|VidOutputDirLastUsed
RegKey45=HKCU\Software\TechSmith\Snagit\21\Recent Captures
RegKey46=HKCU\Software\TechSmith\Snagit\21\SnagitEditor\Recent File List
RegKey47=HKCU\Software\TechSmith\Snagit\21\SnagItEditor\Tray|Thumbnailsize
RegKey48=HKCU\Software\TechSmith\Snagit\Stamps|StampCustomFolder
Removed:
%AppData%\TechSmith\Snagit *\Identity|*.*
Sign in file
%LocalAppData%\TechSmith\Snagit\DataStore|*.SNAG;*.SNAGundo;*.MP4
*.SNAG and *.MP4 are Snagit Editor Library files
Added:
Support for Snagit 2021
-
15 hours ago, SMalik said:
That is correct. I am sorry.
Revised Entry
Changed DetectFile to Detect
[OpenVPN *]
LangSecRef=3024
Detect=HKLM\SOFTWARE\OpenVPN
FileKey1=%ProgramFiles%\OpenVPN\Log|*.log
FileKey2=%UserProfile%\OpenVPN\log|*.*|RECURSE -
3 hours ago, cbaumer0628 said:
@SMalik I believe it's %UserProfile% and NOT %UsersProfile% !!
That is correct. I am sorry.
-
Revised Entry
Changed: %ProgramFiles%\OpenVPN\Log|*.* to %ProgramFiles%\OpenVPN\Log|*.log
There is a README.txt file here as well.
Added: %UsersProfile%\OpenVPN\log|*.*|RECURSE
[OpenVPN *]
LangSecRef=3024
DetectFile=%ProgramFiles%\OpenVPN
FileKey1=%ProgramFiles%\OpenVPN\Log|*.log
FileKey2=%UsersProfile%\OpenVPN\log|*.*|RECURSE -
2 hours ago, SMalik said:
Revised Entries
[Aimersoft Helper Compact *]
LangSecRef=3023
Detect=HKLM\Software\Aimersoft\Aimersoft Helper Compact
FileKey1=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact|ProductUpdateLists.xml;ASHelper.exe_temp;ASHelperSetup.exe_temp
FileKey2=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact\DATADICT|*.*|RECURSE
FileKey3=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact\Log|*.*|RECURSE
FileKey4=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact\Temp|*.*|RECURSE
Changed DetectFile to Detect
Removed unnecessary RegKey1 and RegKey2
[Aimersoft Video Converter Ultimate *]
LangSecRef=3023
Detect1=HKLM\Software\Aimersoft\Aimersoft Video Converter Ultimate
Detect2=HKLM\Software\Wondershare\Aimersoft Video Converter Ultimate
FileKey1=%CommonAppData%\Aimersoft\ProductFeatures\*Logs|*.*|RECURSE
FileKey2=%CommonAppData%\Aimersoft\RemoteLogs\*Logs|*.*|RECURSE
FileKey3=%Documents%\Aimersoft MediaServer\log|*.*|RECURSE
FileKey4=%ProgramFiles%\Aimersoft\Video Converter Ultimate\TempThumbDir|*.*|RECURSE
FileKey5=%Public%\Documents\Aimersoft|*.*|REMOVESELF
Added:
Detect2
%Documents%\Aimersoft MediaServer\log|*.*|RECURSE
%Public%\Documents\Aimersoft|*.*|REMOVESELF
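; Aimersoft Video Editor: cleans the product-feature and remote log folders and the
; application's own log folder under Program Files.
; FileKey3 uses a single backslash before "log"; the doubled separator was a typo.
[Aimersoft Video Editor *]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Aimersoft\Aimersoft Video Editor
FileKey1=%CommonAppData%\Aimersoft\ProductFeatures\*Logs|*.*|RECURSE
FileKey2=%CommonAppData%\Aimersoft\RemoteLogs\*Logs|*.*|RECURSE
FileKey3=%ProgramFiles%\Aimersoft\Video Editor\log|*.*|RECURSE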
FileKey4=%Public%\Documents\Aimersoft|*.*|REMOVESELF
Changed DetectFile to Detect
Added: FileKey1 and FileKey2
Removed unnecessary %ProgramFiles%\Video Editor\Log|*.log
[Wondershare Filmora *]
LangSecRef=3023
Detect1=HKLM\SOFTWARE\Wondershare\Wondershare Filmora
Detect2=HKLM\SOFTWARE\Wondershare\Wondershare FilmoraPro
FileKey1=%CommonAppData%\Wondershare\ProductFeatures\*Logs|*.*|RECURSE
FileKey2=%CommonAppData%\Wondershare\RemoteLogs\*Logs|*.*|RECURSE
FileKey3=%ProgramFiles%\Wondershare\Wondershare Filmora\log|*.*|RECURSE
FileKey4=%Public%\Documents\Wondershare|*.*|REMOVESELF
Changed name from [Wondershare Filmora 9 *] to [Wondershare Filmora *]
Changed DetectFile to Detect
[Wondershare SafeEraser *]
I think this should be removed. It is a part of Wondershare Dr.Fone
One entry for Aimersoft Video Converter and Aimersoft Video Converter Ultimate
[Aimersoft Video Converter *]
LangSecRef=3023
Detect1=HKLM\Software\Aimersoft\Aimersoft Video Converter
Detect2=HKLM\Software\Aimersoft\Aimersoft Video Converter Ultimate
FileKey1=%CommonAppData%\Aimersoft\ProductFeatures\*Logs|*.*|RECURSE
FileKey2=%CommonAppData%\Aimersoft\RemoteLogs\*Logs|*.*|RECURSE
FileKey3=%Documents%\Aimersoft MediaServer\log|*.*|RECURSE
FileKey4=%ProgramFiles%\Aimersoft\Video Converter\TempThumbDir|*.*|RECURSE
FileKey5=%ProgramFiles%\Aimersoft\Video Converter Ultimate\TempThumbDir|*.*|RECURSE
FileKey6=%Public%\Documents\Aimersoft|*.*|REMOVESELF
Added:
Detect2
%Documents%\Aimersoft MediaServer\log|*.*|RECURSE
%Public%\Documents\Aimersoft|*.*|REMOVESELF -
Revised Entries
[Aimersoft Helper Compact *]
LangSecRef=3023
Detect=HKLM\Software\Aimersoft\Aimersoft Helper Compact
FileKey1=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact|ProductUpdateLists.xml;ASHelper.exe_temp;ASHelperSetup.exe_temp
FileKey2=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact\DATADICT|*.*|RECURSE
FileKey3=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact\Log|*.*|RECURSE
FileKey4=%CommonProgramFiles%\Aimersoft\Aimersoft Helper Compact\Temp|*.*|RECURSE
Changed DetectFile to Detect
Removed unnecessary RegKey1 and RegKey2
[Aimersoft Video Converter Ultimate *]
LangSecRef=3023
Detect1=HKLM\Software\Aimersoft\Aimersoft Video Converter Ultimate
Detect2=HKLM\Software\Wondershare\Aimersoft Video Converter Ultimate
FileKey1=%CommonAppData%\Aimersoft\ProductFeatures\*Logs|*.*|RECURSE
FileKey2=%CommonAppData%\Aimersoft\RemoteLogs\*Logs|*.*|RECURSE
FileKey3=%Documents%\Aimersoft MediaServer\log|*.*|RECURSE
FileKey4=%ProgramFiles%\Aimersoft\Video Converter Ultimate\TempThumbDir|*.*|RECURSE
FileKey5=%Public%\Documents\Aimersoft|*.*|REMOVESELF
Added:
Detect2
%Documents%\Aimersoft MediaServer\log|*.*|RECURSE
%Public%\Documents\Aimersoft|*.*|REMOVESELF
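; Aimersoft Video Editor: cleans the product-feature and remote log folders and the
; application's own log folder under Program Files.
; FileKey3 uses a single backslash before "log"; the doubled separator was a typo.
[Aimersoft Video Editor *]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Aimersoft\Aimersoft Video Editor
FileKey1=%CommonAppData%\Aimersoft\ProductFeatures\*Logs|*.*|RECURSE
FileKey2=%CommonAppData%\Aimersoft\RemoteLogs\*Logs|*.*|RECURSE
FileKey3=%ProgramFiles%\Aimersoft\Video Editor\log|*.*|RECURSE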
FileKey4=%Public%\Documents\Aimersoft|*.*|REMOVESELF
Changed DetectFile to Detect
Added: FileKey1 and FileKey2
Removed unnecessary %ProgramFiles%\Video Editor\Log|*.log
[Wondershare Filmora *]
LangSecRef=3023
Detect1=HKLM\SOFTWARE\Wondershare\Wondershare Filmora
Detect2=HKLM\SOFTWARE\Wondershare\Wondershare FilmoraPro
FileKey1=%CommonAppData%\Wondershare\ProductFeatures\*Logs|*.*|RECURSE
FileKey2=%CommonAppData%\Wondershare\RemoteLogs\*Logs|*.*|RECURSE
FileKey3=%ProgramFiles%\Wondershare\Wondershare Filmora\log|*.*|RECURSE
FileKey4=%Public%\Documents\Wondershare|*.*|REMOVESELF
Changed name from [Wondershare Filmora 9 *] to [Wondershare Filmora *]
Changed DetectFile to Detect
[Wondershare SafeEraser *]
I think this should be removed. It is a part of Wondershare Dr.Fone
-
Revised Entry
[Adobe Reader DC *]
LangSecRef=3021
Detect=HKLM\Software\Adobe\Acrobat Reader\DC
FileKey1=%AppData%\Adobe\Acrobat\DC\Security\CRLCache|*.*|RECURSE
FileKey2=%LocalAppData%\Adobe\Acrobat\DC|IconCacheRdr*.dat;UserCache.bin
FileKey3=%LocalAppData%\Adobe\Acrobat\DC\ToolsSearchCacheRdr|*.*|RECURSE
FileKey4=%LocalLowAppData%\Adobe\Acrobat\DC|ReaderMessages
FileKey5=%LocalLowAppData%\Adobe\Acrobat\DC\ConnectorIcons|*.*|RECURSE
FileKey6=%LocalLowAppData%\Adobe\AcroCef\DC\Acrobat\Cache|*.*|RECURSE
RegKey1=HKCU\Software\Adobe\Acrobat Reader\DC\AVConnector\cIconCache
RegKey2=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionFromPDF
RegKey3=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionToPDF
RegKey4=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral|iNumOfAVDocsOpened
RegKey5=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral|iNumReaderLaunches
RegKey6=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cDockables
RegKey7=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentToolsList
RegKey8=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cToolbars
RegKey9=HKCU\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles
RegKey10=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent
RegKey11=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsPrev
RegKey12=HKCU\Software\Adobe\Acrobat Reader\DC\ShareIdentity
RegKey13=HKCU\Software\Adobe\Adobe Synchronizer\DC
Added: Usage Stats
HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral|iNumOfAVDocsOpened
HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral|iNumReaderLaunches -
Revised Entries
; Wondershare UniConverter: log, data-tracking, thumbnail and download-temp leftovers.
; NOTE(review): this entry's %UserProfile%\.cache key (FileKey9, REMOVESELF) deletes the
; whole per-user .cache folder. Nothing in that path ties it to Wondershare, and other
; programs may keep data there - confirm it is UniConverter-only or narrow the path.
; NOTE(review): FileKey7 reads "%SystemDrive%\|logWSVCUUpdateHelper.log"; the "|" may be
; misplaced - verify the real file location on an installed system.
[Wondershare UniConverter *]
LangSecRef=3023
Detect=HKLM\Software\Wondershare\Wondershare UniConverter
FileKey1=%CommonAppData%\Wondershare\ProductFeatures\*Logs|*.*|RECURSE
FileKey2=%CommonAppData%\Wondershare\UniConverter\DataTrack|tmp;*.bak;*.log
FileKey3=%CommonAppData%\Wondershare\UniConverter\TempThumbDir|*.*|RECURSE
FileKey4=%CommonAppData%\Wondershare\WAF\ProductFeatures\*Logs|*.*|RECURSE
FileKey5=%ProgramFiles%\Wondershare\UniConverter\Log|*.*|RECURSE
FileKey6=%Public%\Documents\Wondershare|*.*|REMOVESELF
FileKey7=%SystemDrive%\|logWSVCUUpdateHelper.log
FileKey8=%SystemDrive%\Wondershare UniConverter\Downloaded\temp|*.*|REMOVESELF
FileKey9=%UserProfile%\.cache|*.*|REMOVESELF
Removed: %CommonAppData%\Wondershare MediaServer|*.txt
MediaServer is not a part of UniConverter
Added:
%Public%\Documents\Wondershare|*.*|REMOVESELF
%SystemDrive%\|logWSVCUUpdateHelper.log
[Wondershare Video Converter *]
LangSecRef=3023
Detect1=HKLM\Software\Wondershare\Wondershare Video Converter Pro
Detect2=HKLM\Software\Wondershare\Wondershare Video Converter Ultimate
FileKey1=%CommonAppData%\Wondershare MediaServer|*.txt
FileKey2=%CommonAppData%\Wondershare\ProductFeatures\*Logs|*.*|RECURSE
FileKey3=%CommonAppData%\Wondershare\WAF\ProductFeatures\*Logs|*.*|RECURSE
FileKey4=%Documents%\Wondershare MediaServer\log|*.*|RECURSE
FileKey5=%ProgramFiles%\Wondershare Video Converter Ultimate\TempThumbDir|*.*|RECURSE
FileKey6=%Public%\Documents\Wondershare|*.*|REMOVESELF
FileKey7=%SystemDrive%\|logWSVCUUpdateHelper.log
FileKey8=%UserProfile%\.cache|*.*|REMOVESELF
Added:
%CommonAppData%\Wondershare MediaServer|*.txt
%CommonAppData%\Wondershare\WAF\ProductFeatures\*Logs|*.*|RECURSE
%SystemDrive%\|logWSVCUUpdateHelper.log
%UserProfile%\.cache|*.*|REMOVESELF -
I think we should change the name of [Windows ShellBags *] to [Folders View Settings *]
-
Revised Entry
; Windows Defender: Network Inspection System support text files, scan backup store,
; cache manager, metadata store, RtSigs data and the Support folder.
; NOTE(review): the Support folder (FileKey6 of this entry, RECURSE) is where Defender
; normally keeps its MPLog diagnostic logs, which are commonly reviewed when investigating
; a detection. Cleaning it removes that record; consider Default=False and a Warning=
; line so it is never wiped unintentionally - TODO confirm.
[Windows Defender *]
LangSecRef=3024
Detect=HKLM\Software\Microsoft\Windows Defender
FileKey1=%CommonAppData%\Microsoft\Windows Defender\Network Inspection System\Support|*.txt;NisLog.txt.bak
FileKey2=%CommonAppData%\Microsoft\Windows Defender\Scans\BackupStore|*.*|RECURSE
FileKey3=%CommonAppData%\Microsoft\Windows Defender\Scans\History\CacheManager|*.*|RECURSE
FileKey4=%CommonAppData%\Microsoft\Windows Defender\Scans\MetaStore|*.*|RECURSE
FileKey5=%CommonAppData%\Microsoft\Windows Defender\Scans\RtSigs\Data|*.*|RECURSE
FileKey6=%CommonAppData%\Microsoft\Windows Defender\Support|*.*|RECURSE
Removed: %CommonAppData%\Microsoft\Windows Defender\Scans\History\Service|*.log
There are no log files here. Windows Defender stores detection history here: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory
If we add detection history, then we should add the quarantine file locations as well.
%CommonAppData%\Microsoft\Windows Defender\Quarantine\Entries
%CommonAppData%\Microsoft\Windows Defender\Quarantine\ResourceData
%CommonAppData%\Microsoft\Windows Defender\Quarantine\Resources
%CommonAppData%\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory
Added: %CommonAppData%\Microsoft\Windows Defender\Scans\RtSigs\Data|*.*|RECURSE
-
I think these entries should be moved to Winapp3.ini
[Apple MobileSync Backups *]
[iTunes Previous Libraries *] -
CCleaner deletes files from "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick". After I restart the system, Windows Defender asks to run a quick scan again. I think these files should be excluded from deletion.
-
Revised Entry
; Windows Defender: Network Inspection System support text files, scan backup store,
; cache manager, Scans\History\Service logs, metadata store and the Support folder.
; NOTE(review): the Support folder (FileKey6 of this entry, RECURSE) is where Defender
; normally keeps its MPLog diagnostic logs, which are commonly reviewed when investigating
; a detection. Cleaning it removes that record; consider Default=False and a Warning=
; line so it is never wiped unintentionally - TODO confirm.
; A later revision in this thread drops FileKey4, reporting that Scans\History\Service
; holds Defender's detection history rather than .log files.
[Windows Defender *]
LangSecRef=3024
Detect=HKLM\Software\Microsoft\Windows Defender
FileKey1=%CommonAppData%\Microsoft\Windows Defender\Network Inspection System\Support|*.txt;NisLog.txt.bak
FileKey2=%CommonAppData%\Microsoft\Windows Defender\Scans\BackupStore|*.*
FileKey3=%CommonAppData%\Microsoft\Windows Defender\Scans\History\CacheManager|*.*|RECURSE
FileKey4=%CommonAppData%\Microsoft\Windows Defender\Scans\History\Service|*.log
FileKey5=%CommonAppData%\Microsoft\Windows Defender\Scans\MetaStore|*.*|RECURSE
FileKey6=%CommonAppData%\Microsoft\Windows Defender\Support|*.*|RECURSE
Removed. These files should not be deleted.
%CommonAppData%\Microsoft\Windows Defender\Scans|*.bin*
%CommonAppData%\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency|*.*|RECURSE -
New Entry
[Krita *]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Krita
FileKey1=%LocalAppData%\krita\cache|*.*|RECURSE
FileKey2=%LocalAppData%\|krita.log;krita-sysinfo.log -
Revised Entry
; Norton: log and text files in the Norton data folder, crash dumps, installer logs and
; (FileKey4 of this entry) VPNService logs. Detected by the presence of the data folder.
; NOTE(review): these are a security product's own logs and dumps; they may be needed to
; troubleshoot or investigate a detection, so a Warning= line or Default=False would make
; the loss explicit - TODO confirm.
; NOTE(review): FileKey1 matches every *.txt directly in %CommonAppData%\Norton; verify
; that no non-log text file lives there.
[Norton *]
LangSecRef=3024
DetectFile=%CommonAppData%\Norton
FileKey1=%CommonAppData%\Norton|*.log;*.txt
FileKey2=%CommonAppData%\Norton\LocalDumps|*.dmp
FileKey3=%CommonAppData%\NortonInstaller\Logs|*.*|RECURSE
FileKey4=%CommonAppData%\VPNService|*.log
Added: %CommonAppData%\VPNService|*.log
-
3 hours ago, SMalik said:
R-Wipe & Clean stores custom wipe lists here.
%AppData%\R-TT\RWC\WL
License file. This should not be added.
%ProgramFiles%\R-Wipe & Clean|*.txt
-
Looks like there is no option to edit the posts after a certain time.
-
On 21/09/2020 at 16:49, FreeRyde said:
New Entries:
; Quoted new entries, restored to one key per line.

; AOMEI Backupper: brlog.xml and the files directly inside the two log folders.
[AOMEI Backupper *]
LangSecRef=3024
DetectFile=%ProgramFiles%\AOMEI Backupper
FileKey1=%CommonAppData%\AomeiBR|brlog.xml
FileKey2=%ProgramFiles%\AOMEI Backupper\log|*.*
FileKey3=%ProgramFiles%\AOMEI Backupper\AOMEI Image Deploy\log|*.*

; CoinManage: every *.txt directly inside the CoinManage* program folders.
; NOTE(review): Detect= is paired with Detect2=; other multi-detect entries on this page
; number them Detect1/Detect2 - confirm the intended form.
; NOTE(review): *.txt in a program folder can match non-log files such as a license or
; readme - verify what is actually present.
[CoinManage *]
LangSecRef=3021
Detect=HKCU\Software\Liberty Street Software\CoinManage
Detect2=HKCU\Software\Liberty Street Software\CoinManage Canada
Default=False
FileKey1=%ProgramFiles%\CoinManage*|*.txt

; CoinManage crash reports: named crash artefacts written to the Documents folder.
[CoinManage Crash Reports *]
LangSecRef=3021
Detect=HKCU\Software\Liberty Street Software\CoinManage
Detect2=HKCU\Software\Liberty Street Software\CoinManage Canada
Default=False
FileKey1=%Documents%|CoinManage.zip;CRASH.DMP;ERRORLOG.TXT;XCrashReport.ini;XCRASHREPORT_Mon1.bmp

; CurrencyManage: every *.txt directly inside the program folder.
[CurrencyManage *]
LangSecRef=3021
Detect=HKCU\Software\Liberty Street Software\CurrencyManage
Default=False
FileKey1=%ProgramFiles%\CurrencyManage|*.txt

; PrivaZer: *.txt files in its local application data folder.
[PrivaZer *]
LangSecRef=3024
Detect=HKCU\Software\PrivaZer
Default=False
FileKey1=%LocalAppData%\PrivaZer|*.txt

; PrivaZer Backups: deletes the registry backups PrivaZer created (see Warning=).
; Once removed, those backups can no longer be used to roll back a registry cleanup.
[PrivaZer Backups *]
LangSecRef=3024
Detect=HKCU\Software\PrivaZer
DetectFile=%ProgramFiles%\PrivaZer
Default=False
Warning=This deletes PrivaZer Registry backups.
FileKey1=%LocalAppData%\PrivaZer\Registry backups|*.*|RECURSE
FileKey2=%ProgramFiles%\PrivaZer\PrivaZer registry backups|*.*|RECURSE

; R-Wipe & Clean.
; NOTE(review): a reply in this thread reports that FileKey1 matches the license file and
; that custom wipe lists are stored in %AppData%\R-TT\RWC\WL, which FileKey2 (REMOVESELF
; on the whole %AppData%\R-TT folder) would delete. Narrow both keys before use.
[R-Wipe & Clean *]
LangSecRef=3024
Detect=HKLM\Software\R-TT\RWC
Default=False
FileKey1=%ProgramFiles%\R-Wipe & Clean|*.txt
FileKey2=%AppData%\R-TT|*.*|REMOVESELF
R-Wipe & Clean stores custom wipe lists here.
%AppData%\R-TT\RWC\WL
-
-
Revised Entry
[MS Office *]
LangSecRef=3021
Detect1=HKCU\Software\Microsoft\Office\11.0
Detect2=HKCU\Software\Microsoft\Office\12.0
Detect3=HKCU\Software\Microsoft\Office\14.0
Detect4=HKCU\Software\Microsoft\Office\15.0
Detect5=HKCU\Software\Microsoft\Office\16.0
FileKey1=%AppData%\Microsoft\Document Building Blocks|*.*|RECURSE
FileKey2=%AppData%\Microsoft\Office|*.tmp|RECURSE
FileKey3=%AppData%\Microsoft\OIS|Toolbars.dat
FileKey4=%AppData%\Microsoft\UProof|*.bin;*.XML
FileKey5=%Documents%|~*.ppt;~*.pptx;~*.doc;~*.docx|RECURSE
FileKey6=%LocalAppData%\Microsoft Help|*.*
FileKey7=%LocalAppData%\Microsoft\Office\*|OneNoteOfflineCache.onecache
FileKey8=%LocalAppData%\Microsoft\Office\*\WebServiceCache\AllUsers\officeclient.microsoft.com|*.*|RECURSE
FileKey9=%LocalAppData%\Microsoft\Office\OTele|*.*|RECURSE
FileKey10=%LocalAppData%\Microsoft\OneNote\*|OneNoteOfflineCache.onecache
FileKey11=%LocalAppData%\Microsoft\OneNote\*\cache|*.*|RECURSE
FileKey12=%LocalAppData%\Microsoft\OneNote\*\OneNoteOfflineCache_Files|*.*|RECURSE
FileKey13=%LocalAppData%\Packages\oice_*\AC\Temp|*.*|RECURSE
FileKey14=%SystemDrive%|propfix.log
FileKey15=%WinDir%\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele|*.*|RECURSE
FileKey16=%WinDir%\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Office\OTele|*.*|RECURSE
RegKey1=HKCU\Software\Microsoft\Office\11.0\MSE|LastLoadedSolution
RegKey2=HKCU\Software\Microsoft\Office\11.0\MSE\FileMRUList
RegKey3=HKCU\Software\Microsoft\Office\11.0\MSE\ProjectMRUList
RegKey4=HKCU\Software\Microsoft\Office\11.0\MSE\SolutionMRUList
RegKey5=HKCU\Software\Microsoft\Office\12.0\Common\Internet|UseRWHlinkNavigation
RegKey6=HKCU\Software\Microsoft\Office\12.0\Word\Reading Locations
RegKey7=HKCU\Software\Microsoft\Office\14.0\Common\Internet|UseRWHlinkNavigation
RegKey8=HKCU\Software\Microsoft\Office\14.0\Word\Reading Locations
RegKey9=HKCU\Software\Microsoft\Office\15.0\Common\Internet|UseRWHlinkNavigation
RegKey10=HKCU\Software\Microsoft\Office\15.0\Word\Reading Locations
RegKey11=HKCU\Software\Microsoft\Office\16.0\Common\Internet|UseRWHlinkNavigation
RegKey12=HKCU\Software\Microsoft\Office\16.0\Word\Reading Locations
RegKey13=HKCU\Software\Microsoft\Office\Common|FontBmpCache
RegKey14=HKCU\Software\Microsoft\OfficeCustomizeWizard\12.0\RecentFileList
RegKey15=HKCU\Software\Microsoft\OfficeCustomizeWizard\14.0\RecentFileList
RegKey16=HKCU\Software\Microsoft\OfficeCustomizeWizard\15.0\RecentFileList
RegKey17=HKCU\Software\Microsoft\OfficeCustomizeWizard\16.0\RecentFileList
Added:
%LocalAppData%\Microsoft\Office\*\WebServiceCache\AllUsers\officeclient.microsoft.com|*.*|RECURSE -
New Entry
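; Media Playback History: the "Media History" file in each Chrome profile folder.
; FileKey1 must sit under Google\ like the DetectFile path; without it the key pointed at
; %LocalAppData%\Chrome*, which the detected Google Chrome installation does not use.
[Media Playback History *]
LangSecRef=3029
DetectFile=%LocalAppData%\Google\Chrome*
FileKey1=%LocalAppData%\Google\Chrome*\User Data\*|Media History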
Revised Entries
[Adobe Reader DC *]
LangSecRef=3021
Detect=HKLM\Software\Adobe\Acrobat Reader\DC
FileKey1=%AppData%\Adobe\Acrobat\DC\Security\CRLCache|*.*|RECURSE
FileKey2=%CommonAppData%\Adobe\ARM|*.*|RECURSE
FileKey3=%LocalAppData%\Adobe\Acrobat\DC|IconCacheRdr*.dat;UserCache.bin
FileKey4=%LocalAppData%\Adobe\Acrobat\DC\ToolsSearchCacheRdr|*.*|RECURSE
FileKey5=%LocalAppData%\Adobe\ARM|*.*|RECURSE
FileKey6=%LocalLowAppData%\Adobe\Acrobat\DC|ReaderMessages
FileKey7=%LocalLowAppData%\Adobe\Acrobat\DC\ConnectorIcons|*.*|RECURSE
FileKey8=%LocalLowAppData%\Adobe\AcroCef\DC\Acrobat\Cache|*.*|RECURSE
RegKey1=HKCU\Software\Adobe\Acrobat Reader\DC\AVConnector\cIconCache
RegKey2=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionFromPDF
RegKey3=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionToPDF
RegKey4=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cDockables
RegKey5=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentToolsList
RegKey6=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cToolbars
RegKey7=HKCU\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles
RegKey8=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent
RegKey9=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsPrev
RegKey10=HKCU\Software\Adobe\Acrobat Reader\DC\ShareIdentity
RegKey11=HKCU\Software\Adobe\Adobe Synchronizer\DC
Added:
HKCU\Software\Adobe\Acrobat Reader\DC\AVConnector\cIconCache
[Ashampoo PDF Pro *]
LangSecRef=3021
Detect1=HKCU\Software\Ashampoo\Ashampoo PDF
Detect2=HKCU\Software\Ashampoo\Ashampoo PDF Pro 2
FileKey1=%LocalAppData%\Ashampoo PDF\*|lastFileOpenned.txt
RegKey1=HKCU\Software\Ashampoo\Ashampoo PDF\Find Replace
RegKey2=HKCU\Software\Ashampoo\Ashampoo PDF\Recent File List
Added:
HKCU\Software\Ashampoo\Ashampoo PDF\Find Replace
[Windows Logs *]
LangSecRef=3025
Detect=HKLM\Software\Microsoft\Windows
FileKey1=%CommonAppData%\Microsoft\Network\Downloader|*.*|RECURSE
FileKey2=%CommonAppData%\Microsoft\Windows Security Health\Logs|*.*|RECURSE
FileKey3=%CommonAppData%\USOShared\Logs|*.*|RECURSE
FileKey4=%LocalAppData%\ConnectedDevicesPlatform|*.log
FileKey5=%LocalAppData%\Diagnostics|*.*|RECURSE
FileKey6=%ProgramFiles%\UNP\*Logs|*.*
FileKey7=%SystemDrive%\PerfLogs\System\Diagnostics|*.*|RECURSE
FileKey8=%SystemDrive%\PerfLogs\System\Performance|*.*|RECURSE
FileKey9=%WinDir%\AppCompat\Programs|*.txt;*.xml
FileKey10=%WinDir%\AppCompat\Programs\Install|*.txt;*.xml
FileKey11=%WinDir%\debug\WIA|*.log
FileKey12=%WinDir%\inf|*.log*
FileKey13=%WinDir%\Logs\CBS|*.cab
FileKey14=%WinDir%\Logs\DPX|*.log
FileKey15=%WinDir%\Logs\dosvc|*.*|RECURSE
FileKey16=%WinDir%\Logs\MoSetup|UpdateAgent.log
FileKey17=%WinDir%\Logs\NetSetup|*.*|RECURSE
FileKey18=%WinDir%\Logs\SIH|*.*|RECURSE
FileKey19=%WinDir%\Logs\WindowsBackup|*.etl
FileKey20=%WinDir%\Logs\WinREAgent|*.log
FileKey21=%WinDir%\Panther|cbs.log;DDACLSys.log;miglog.xml;Migrep.html;PostGatherPnPList.log;PreGatherPnPList.log
FileKey22=%WinDir%\Panther\FastCleanup|*.log
FileKey23=%WinDir%\Panther\Rollback|*.txt
FileKey24=%WinDir%\Panther\UnattendGC|diagerr.xml;diagwrn.xml
FileKey25=%WinDir%\repair|setup.log
FileKey26=%WinDir%\security\logs|*.*|RECURSE
FileKey27=%WinDir%\System32\catroot2|*.chk;*.log;*.jrs;*.txt
FileKey28=%WinDir%\System32\LogFiles\HTTPERR|*.log
FileKey29=%WinDir%\System32\LogFiles\Scm|*.*|RECURSE
FileKey30=%WinDir%\System32\LogFiles\setupcln|*.*|RECURSE
FileKey31=%WinDir%\System32\LogFiles\Srt|*.*|RECURSE
FileKey32=%WinDir%\System32\LogFiles\WMI|*.*|RECURSE
FileKey33=%WinDir%\System32\SleepStudy|*.etl
FileKey34=%WinDir%\System32\SleepStudy\ScreenOn|*.etl
FileKey35=%WinDir%\System32\sysprep\Panther\IE|diagerr.xml;diagwrn.xml;*.log
FileKey36=%WinDir%\System32\WDI\*|snapshot.etl|REMOVESELF
FileKey37=%WinDir%\System32\WDI\LogFiles\StartupInfo|*.*|RECURSE
RegKey1=HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications
RegKey2=HKLM\Software\Microsoft\Tracing
RegKey3=HKLM\Software\Wow6432Node\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications
RegKey4=HKLM\Software\Wow6432Node\Microsoft\Tracing
Added:
%WinDir%\Logs\DPX|*.log
%WinDir%\Logs\MoSetup|UpdateAgent.log
%WinDir%\Logs\WinREAgent|*.log -
Revised Entry
Added: FileKey8, RegKey7 and RegKey8
[Adobe Reader DC *]
LangSecRef=3021
Detect=HKLM\Software\Adobe\Acrobat Reader\DC
FileKey1=%AppData%\Adobe\Acrobat\DC\Security\CRLCache|*.*|RECURSE
FileKey2=%LocalAppData%\Adobe\Acrobat\DC|IconCacheRdr*.dat;UserCache.bin
FileKey3=%LocalAppData%\Adobe\Acrobat\DC\ToolsSearchCacheRdr|*.*|RECURSE
FileKey4=%LocalAppData%\Adobe\ARM|*.*|RECURSE
FileKey5=%LocalLowAppData%\Adobe\Acrobat\DC|ReaderMessages
FileKey6=%LocalLowAppData%\Adobe\Acrobat\DC\ConnectorIcons|*.*|RECURSE
FileKey7=%LocalLowAppData%\Adobe\AcroCef\DC\Acrobat\Cache|*.*|RECURSE
FileKey8=%CommonAppData%\Adobe\ARM|*.*|RECURSE
RegKey1=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionFromPDF
RegKey2=HKCU\Software\Adobe\Acrobat Reader\DC\AVConversionToPDF
RegKey3=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cDockables
RegKey4=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentToolsList
RegKey5=HKCU\Software\Adobe\Acrobat Reader\DC\AVGeneral\cToolbars
RegKey6=HKCU\Software\Adobe\Acrobat Reader\DC\RememberedViews\cNoCategoryFiles
RegKey7=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent
RegKey8=HKCU\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsPrev
RegKey9=HKCU\Software\Adobe\Acrobat Reader\DC\ShareIdentity
RegKey10=HKCU\Software\Adobe\Adobe Synchronizer\DC
Winapp2.ini additions
in CCleaner
Posted
Revised Entry
; Windows Logs: setup, servicing, diagnostic and service log files under %WinDir%,
; %CommonAppData%, %LocalAppData%, %ProgramFiles%\UNP and %SystemDrive%\PerfLogs, plus the
; RADAR heap-leak-detection and Tracing registry keys (native and Wow6432Node).
; NOTE(review): several of these locations are also consulted when investigating an
; incident, e.g. %WinDir%\inf|*.log* (matches setupapi.dev.log, the device-installation
; log) and %WinDir%\security\logs. Run this entry only where those records are not
; needed, or collect them first - confirm against local log-retention requirements.
; NOTE(review): the entry has no Warning= line although it deletes from System32 and
; removes HKLM keys; consider adding one.
[Windows Logs *]
LangSecRef=3025
Detect=HKLM\Software\Microsoft\Windows
FileKey1=%CommonAppData%\Microsoft\Diagnosis\DownloadedSettings|*.json.bk
FileKey2=%CommonAppData%\Microsoft\Network\Downloader|*.*|RECURSE
FileKey3=%CommonAppData%\Microsoft\WDF|*.*|RECURSE
FileKey4=%CommonAppData%\Microsoft\Windows Security Health\Logs|*.*|RECURSE
FileKey5=%CommonAppData%\USOShared\Logs|*.*|RECURSE
FileKey6=%LocalAppData%\ConnectedDevicesPlatform|*.log
FileKey7=%LocalAppData%\Diagnostics|*.*|RECURSE
FileKey8=%ProgramFiles%\UNP\*Logs|*.*
FileKey9=%SystemDrive%\PerfLogs\System\Diagnostics|*.*|RECURSE
FileKey10=%SystemDrive%\PerfLogs\System\Performance|*.*|RECURSE
FileKey11=%WinDir%\AppCompat\Programs|*.txt;*.xml
FileKey12=%WinDir%\AppCompat\Programs\Install|*.txt;*.xml
FileKey13=%WinDir%\debug\WIA|*.log
FileKey14=%WinDir%\inf|*.log*
FileKey15=%WinDir%\Logs\CBS|*.cab
FileKey16=%WinDir%\Logs\dosvc|*.*|RECURSE
FileKey17=%WinDir%\Logs\NetSetup|*.*|RECURSE
FileKey18=%WinDir%\Logs\SIH|*.*|RECURSE
FileKey19=%WinDir%\Logs\WindowsBackup|*.etl
FileKey20=%WinDir%\Panther|cbs.log;DDACLSys.log;miglog.xml;Migrep.html;PostGatherPnPList.log;PreGatherPnPList.log
FileKey21=%WinDir%\Panther\FastCleanup|*.log
FileKey22=%WinDir%\Panther\Rollback|*.txt
FileKey23=%WinDir%\Panther\UnattendGC|diagerr.xml;diagwrn.xml
FileKey24=%WinDir%\repair|setup.log
FileKey25=%WinDir%\security\logs|*.*|RECURSE
FileKey26=%WinDir%\System32\CatRoot|*.tmp
FileKey27=%WinDir%\System32\catroot2|*.chk;*.log;*.jrs;*.txt
FileKey28=%WinDir%\System32\LogFiles\HTTPERR|*.log
FileKey29=%WinDir%\System32\LogFiles\Scm|*.*|RECURSE
FileKey30=%WinDir%\System32\LogFiles\setupcln|*.*|RECURSE
FileKey31=%WinDir%\System32\LogFiles\Srt|*.*|RECURSE
FileKey32=%WinDir%\System32\LogFiles\WMI|*.*|RECURSE
FileKey33=%WinDir%\System32\SleepStudy|*.etl
FileKey34=%WinDir%\System32\SleepStudy\ScreenOn|*.etl
FileKey35=%WinDir%\System32\sysprep\Panther\IE|diagerr.xml;diagwrn.xml;*.log
FileKey36=%WinDir%\System32\WDI\*|snapshot.etl|REMOVESELF
FileKey37=%WinDir%\System32\WDI\LogFiles\StartupInfo|*.*|RECURSE
RegKey1=HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications
RegKey2=HKLM\Software\Microsoft\Tracing
RegKey3=HKLM\Software\Wow6432Node\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications
RegKey4=HKLM\Software\Wow6432Node\Microsoft\Tracing
Added:
%CommonAppData%\Microsoft\Diagnosis\DownloadedSettings|*.json.bk
%CommonAppData%\Microsoft\WDF|*.*|RECURSE
%WinDir%\System32\CatRoot|*.tmp