Jump to content
CCleaner Community Forums
Winapp2.ini

Winapp2.ini additions

Recommended Posts

Looks like he removed Filekey 1 - 4 and added Filekey 1 to remove all logs in there. The others only had parts of the Logs folder.

 

Does anyone know why we add entries for regenerating files? It seems kinda pointless to add entries for files that regenerate.

Share this post


Link to post
Share on other sites

Regenerating files often grow larger over time and that's one reason to clean them. And why not clean them?

Share this post


Link to post
Share on other sites

I was just wondering and I suppost some do grow over time, as well. I just thought if they regenerate back, then why add an entry to it. Seems like a waste of space for Winapp2.

Share this post


Link to post
Share on other sites

You could report what did you add/edit?

After the iOS 7 update, iDevices are getting more crash logs than before with some other wild cards. So instead of listing all of the wild cards seperately, it covers all of them. I have attached some snapshots for more info.

 

 

 

 

 

Share this post


Link to post
Share on other sites

Revised Entries

Added Detect2 and FileKey2

 

[samsung Kies Backup*]
LangSecRef=3023
Detect=HKCU\Software\Samsung\Kies2.0
Detect2=HKCU\Software\Samsung\Kies3.0
Default=False
Warning=Removing backups will prevent you from restoring your data later.
FileKey1=%Documents%\samsung\Kies\backup|*.*|RECURSE
FileKey2=%Documents%\samsung\Kies3\backup|*.*|RECURSE

 

Added Detect2, FileKey2 and FileKey3

 

[samsung Kies More*]
LangSecRef=3023
Detect=HKCU\Software\Samsung\Kies2.0
Detect2=HKCU\Software\Samsung\Kies3.0
Default=False
FileKey1=%AppData%\Samsung\Kies|*.mlca;*.mlme;*.mlpb;*.mlpgb;|RECURSE
FileKey2=%Documents%\samsung\Kies3\backup|*.dmp|RECURSE
FileKey3=%Documents%\SelfMV|*.log

Share this post


Link to post
Share on other sites

A friend of mine uses Winapp2.ini which I send to him on each update.  On his Windows 7 x86 system, he uses Windows Live Mail.  The code below wipes out his password to Windows Live Mail every time he runs CCleaner which is something he does not want.  I don't use Windows Live Mail or for that matter Windows Live anything on my systems, so I cannot test which line entry is clearing out the password.  My friend is not savvy enough for me to request that he edit Winapp2.ini to test.  My opinion is that Winapp2.ini should not clear out password.  I suspect that it is FileKey1 that is the culprit.  Perhaps, if the group contributors agree, someone who uses Windows Live Mail could test this and recommend how to "fix" it.

[Windows Live Photo Gallery*]
LangSecRef=3023
Detect=HKCU\Software\Microsoft\Windows Live\Photo Gallery
Default=False
FileKey1=%LocalAppData%\Microsoft\Credentials|*.*|RECURSE
FileKey2=%LocalAppData%\Microsoft\Windows Live Photo Gallery|*.*|RECURSE
RegKey1=HKCU\Software\Microsoft\Windows Live\Photo Gallery|galleryscopedfolders
RegKey2=HKCU\Software\Microsoft\Windows Live\Photo Aquisition\Camera|FinenameTemplate
RegKey3=HKCU\Software\Microsoft\Windows Live\Photo Aquisition\Camera|RootDirectory

Share this post


Link to post
Share on other sites

I use Windows Live Mail too and that's what the entry cleaned for me:

C:\Users\XXX\AppData\Local\Microsoft\Credentials\1F958F461A650323F4972AF3AAF84297	2 KB
C:\Users\XXX\AppData\Local\Microsoft\Credentials\5045A5FF47402F978D6CEFB212DB2892	2 KB
C:\Users\XXX\AppData\Local\Microsoft\Credentials\5B0C3184CA8305BCFE59EC16E5D02182	2 KB
C:\Users\XXX\AppData\Local\Microsoft\Credentials\6BAF984F708D7181864C81C6C34BD884	2 KB
C:\Users\XXX\AppData\Local\Microsoft\Credentials\6CE103A5EEA1447E4ACE82507184E5E7	2 KB
C:\Users\XXX\AppData\Local\Microsoft\Credentials\6EE5F082E76CAB4A38027660187CBCDA	2 KB
C:\Users\XXX\AppData\Local\Microsoft\Credentials\878221B1E2B7D70DF764A6777ACE8A2E	3 KB
C:\Users\XXX\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D	3 KB
C:\Users\XXX\AppData\Local\Microsoft\Credentials\E26CE06B53C14B17265502E49D9974D8	2 KB
C:\Users\XXX\AppData\Local\Microsoft\Credentials\EB919572BE1B3FF5F61D329254EE499E	2 KB 
I have three Accounts set in Live Mail and on next start it asked me for the password of my primary account (only) and created these files in that folder.

http://i.imgur.com/wSOMpf4.png

All of which are hidden until you display system files. Opened some of them in Notepad but they are not clear to read ("Null" and stuff).

Share this post


Link to post
Share on other sites

So it does appear the FileKey1 is clearing the password.  My suggestion is that Winapp2.ini remove the FileKey1 line from this block of code so the password is not deleted.

Share this post


Link to post
Share on other sites

EDIT:

 

[Performance Maintainer*]
LangSecRef=3024
DetectFile=%ProgramFiles%\PC Starters\Performance Maintainer
FileKey1=%ProgramFiles%\PC Starters\Performance Maintainer\log|*.*|RECURSE
FileKey2=%ProgramFiles%\PC Starters\Performance Maintainer\Backups|*.*|RECURSE
FileKey3=%ProgramFiles%\PC Starters\Performance Maintainer\Logs|*.*|RECURSE

 

Added FileKey 2 and 3. These folders are created after installing some extenstions that come with the program.

Share this post


Link to post
Share on other sites

updated

 

 

 

What's new in winapp2.ini 4.13.140424

General:

20 New Entries
15 Modified Entries
03 Removed Entries


Verbose:

------------------------------------------------------------------------------

New Entries:

[ARO 2011*]
LangSecRef=3024
Detect=HKCU\software\Sammsoft\ARO\Version 2011
Default=False
FileKey1=%AppData%\Sammsoft\ARO\Version 2011\Logs|*.txt

[Dell PC Doctor*]
LangSecRef=3024
DetectFile=%CommonAppData%\PCDr
Default=False
FileKey1=%CommonAppData%\PCDr|*.dmp|RECURSE

[Dell Support Center*]
LangSecRef=3021
DetectFile=%LocalAppData%\SupportSoft\DellSupportCenter
Default=False
FileKey1=%LocalAppData%\SupportSoft\DellSupportCenter\*\state\logs|*.*

[EaseUS MobiSaver for Android*]
LangSecRef=3021
Detect=HKLM\SOFTWARE\EaseUS\Mobisaver for Android
Default=False
FileKey1=%SystemDrive%\EaseUS MobiSaver for Android Temp Backup|*.*|RECURSE
FileKey2=%ProgramFiles%\EaseUS\EaseUS MobiSaver for Android\bin|CommDbg.txt;Eaolog;easeusue.log;mbs;PR.log

[Facebook Messenger*]
LangSecRef=3022
DetectFile=%LocalAppData%\Facebook\Messenger
Default=False
FileKey1=%LocalAppData%\Facebook\Messenger|*.log|RECURSE

[Fast Clean Pro*]
LangSecRef=3024
Default=False
DetectFile=%LocalAppData%\Fastcleanpro
Default=False
FileKey1=%LocalAppData%\Fastcleanpro\logs|*.*

[FEZ*]
Section=Games
Detect=HKCU\Software\Valve\Steam\Apps\224760
Default=False
FileKey1=%AppData%\FEZ|Debug Log.txt

[Ford Sync My iTunes*]
LangSecRef=3023
DetectFile=%AppData%\Ford Motor Company
Default=False
FileKey1=AppData%\Ford Motor Company\logs|*.*

[Foxit Reader 6.0 Crash Dumps*]
LangSecRef=3021
Detect=HKCU\Software\Foxit Software\Foxit Reader 6.0
Default=False
FileKey1=%LocalAppData%\Foxit Reader\|*.DMP;*.TXT;*.zip;*.reg

[JetBrains dotPeek v1.1*]
LangSecRef=3024
Detect=HKLM\SOFTWARE\JetBrains\dotPeek
Default=False
FileKey1=%LocalAppData%\JetBrains\dotPeek\v1.1\Caches|*.*|REMOVESELF

[Kinetic Jump Updater*]
LangSecRef=3021
DetectFile=%LocalAppData%\Kjs.AppLife.Update
Default=False
FileKey1=%LocalAppData%\Kjs.AppLife.Update|*.log

[Lazarus Saved Forms*]
LangSecRef=3026
SpecialDetect=DET_MOZILLA
Default=False
FileKey1=%AppData%\Mozilla\Firefox\Profiles\*|lazarus.sqlite;lazarus-backup.sqlite

[Mojo*]
LangSecRef=3022
DetectFile=%AppData%\Deusty\Mojo
Default=False
FileKey1=%AppData%\Deusty\Mojo\*|*.log
FileKey2=%LocalAppData%\Deusty\Mojo|crash*.txt

[Nidhogg*]
Section=Games
DetectFile=%AppData%\Nidhogg
Default=False
FileKey1=%AppData%\Nidhogg|*.log

[ooVoo Toolbar*]
LangSecRef=3022
DetectFile=%LocalLowAppData%\oovootoolbar
Default=False
FileKey1=%LocalLowAppData%\oovootoolbar|log.txt

[steam Packages*]
Warning=Running this entry is not recommended if you run Steam Client Beta.
Section=Games
Detect=HKCU\Software\Valve\Steam
Default=False
FileKey1=%ProgramFiles%\Steam\package|*.zip.*
ExcludeKey1=FILE|%ProgramFiles%\Steam\package\steam_client_win32.manifest
ExcludeKey2=FILE|%ProgramFiles%\Steam\package\steam_client_win32.installed
ExcludeKey3=FILE|%ProgramFiles%\Steam\package\steam_client_publicbeta_win32.installed
ExcludeKey4=FILE|%ProgramFiles%\Steam\package\steam_client_publicbeta_win32.manifest

[sRWare Iron debug.log*]
LangSecRef=3029
DetectFile=%ProgramFiles%\SRWare Iron
Default=False
FileKey1=%ProgramFiles%\SRWare Iron|debug.log

[Tific Client*]
LangSecRef=3021
DetectFile=%LocalAppData%\Tific
Default=False
FileKey1=%LocalAppData%\Tific|*.log|RECURSE

[Toshiba Book Place Cache*]
LangSecRef=3021
DetectFile=%AppData%\Book Place
Default=False
FileKey1=%AppData%\Book Place\Cache|*.*|RECURSE

[Toshiba Book Place Log*]
LangSecRef=3021
DetectFile=%AppData%\Book Place
Default=False
FileKey1=%AppData%\Book Place\log|*.*|RECURSE

[Toshiba FlashCards*]
LangSecRef=3021
DetectFile=%LocalAppData%\TOSHIBA\FlashCards
Default=False
FileKey1=%LocalAppData%\TOSHIBa\FlashCards|log.txt

------------------------------------------------------------------------------

Modified Entries:

[Aimersoft Video Converter Ultimate More*]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Aimersoft\Aimersoft Video Converter Ultimate
Default=False
FileKey1=%ProgramFiles%\Aimersoft\Video Converter Ultimate\TempThumbDir|*.*|RECURSE

    - Renamed
    - Removed lines included in CCleaner v4.13

[ComboFix*]
LangSecRef=3024
DetectFile=%SystemDrive%\Qoobox
Default=False
Warning=This will delete ComboFix History. Do not delete until you have reviewed these logs.
FileKey1=%SystemDrive%\Qoobox|*.txt
FileKey2=%SystemDrive%\Qoobox\Quarantine|*.log
FileKey3=%SystemDrive%\CE.tmp|*.*|REMOVESELF
FileKey4=%SystemDrive%\D6.tmp|*.*|REMOVESELF
FileKey5=%SystemDrive%\Qoobox\LastRun|*.*|REMOVESELF
FileKey6=%SystemDrive%\Qoobox\Test|*.*|REMOVESELF
FileKey7=%SystemDrive%\Qoobox\TestC|*.*|REMOVESELF
FileKey8=%SystemDrive%|ComboFix.txt

    - Changed DetectFile
    - Added FileKey8

[Games For Windows Logs*]
Section=Games
DetectFile=%LocalAppData%\Microsoft\GFWLive
Default=False
FileKey1=%CommonAppData%\Microsoft\GFWLive\Install\Logs|*.log
FileKey2=%LocalAppData%\Microsoft\GFWLive|*.log|RECURSE
FileKey3=%ProgramFiles%\Microsoft Games for Windows - LIVE\Client|dotNetFx40_Client_setup.exe

    - Added FileKey3
    
[iTunes Logs*]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Apple Computer, Inc.\iTunes
Default=False
FileKey1=%AppData%\Apple Computer\Logs|*.*|RECURSE
FileKey2=%WinDir%\System32\config\systemprofile\AppData\Roaming\Apple Computer\Logs|*.*|RECURSE
FileKey3=%WinDir%\SysWOW64\config\systemprofile\AppData\Roaming\Apple Computer\Logs|*.*|RECURSE

    - Condensed FileKeys1-4 into FileKey1
    
[Microsoft Security Essentials*]
LangSecRef=3021
Detect=HKCU\Software\Microsoft\Microsoft Antimalware
Default=False
FileKey1=%CommonAppData%\Microsoft\Microsoft Antimalware\LocalCopy|*.*|RECURSE
FileKey2=%CommonAppData%\Microsoft\Microsoft Antimalware\Scans\History\Service|*.log|RECURSE
FileKey3=%CommonAppData%\Microsoft\Microsoft Security Client\Support|MSSecurityClient*.log

    - Added FileKey3

[Microsoft XNA Game Studio*]
Section=Games
Detect1=HKLM\SOFTWARE\Wow6432Node\Microsoft\XNA
Detect2=HKLM\Software\Microsoft\XNA
Default=False
FileKey1=%ProgramFiles%\Microsoft XNA\XNA Game Studio\*\Redist|*.*|REMOVESELF

    - Fixed FileKey1
    
[Performance Maintainer*]
LangSecRef=3024
DetectFile=%ProgramFiles%\PC Starters\Performance Maintainer
Default=False
FileKey1=%ProgramFiles%\PC Starters\Performance Maintainer\log|*.*|RECURSE
FileKey2=%ProgramFiles%\PC Starters\Performance Maintainer\Backups|*.*|RECURSE
FileKey3=%ProgramFiles%\PC Starters\Performance Maintainer\Logs|*.*|RECURSE

    - Added FileKey2 and 3

[Roxio Log Files*]
LangSecRef=3021
Detect=HKCU\Software\Roxio
Default=False
FileKey1=%AppData%\Roxio Log Files|*.*|RECURSE
FileKey2=%AppData%\Roxio\Dragon\3.x\DeviceDetectionLogs|*.log
FileKey3=%AppData%\Roxio\Dragon\3.x\WriteLogs|*.log
FileKey4=%CommonAppData%\Roxio|*.log;cardinfo.*
FileKey5=%WinDir%\System32\config\systemprofile\AppData\Roaming\Roxio Log Files|*.*|RECURSE
FileKey6=%WinDir%\SysWOW64\config\systemprofile\AppData\Roaming\Roxio Log Files|*.*|RECURSE

    - Improved FileKey3

[samsung Kies Backup*]
LangSecRef=3023
Detect1=HKCU\Software\Samsung\Kies2.0
Detect2=HKCU\Software\Samsung\Kies3.0
Default=False
Warning=Removing backups will prevent you from restoring your data later.
FileKey1=%Documents%\samsung\Kies\backup|*.*|RECURSE
FileKey2=%Documents%\samsung\Kies3\backup|*.*|RECURSE

    - Added Version3 support

[samsung Kies More*]
LangSecRef=3023
Detect1=HKCU\Software\Samsung\Kies2.0
Detect2=HKCU\Software\Samsung\Kies3.0
Default=False
FileKey1=%AppData%\Samsung\Kies|*.mlca;*.mlme;*.mlpb;*.mlpgb;|RECURSE
FileKey2=%Documents%\samsung\Kies3\backup|*.dmp|RECURSE
FileKey3=%Documents%\SelfMV|*.log

    - Added Detect2, FileKeys2-3
    
[steam Installers*]
Section=Games
Detect=HKCU\Software\Valve\Steam
Warning=Only run this entry AFTER you have launched all of your steam games at least once, as they will not be able to properly load for the first time without these files. After the first launch, however, these files become useless.
Default=False
FileKey1=%ProgramFiles%\Steam\Steamapps\common|xliveredist*.msi;mcpp*.*;UnSetup.exe;firewallinstallhelper.dll;gameuxinstallhelper.dll;eadm-installer.exe;wmpappcompat.exe;umdf.exe;Microsoft .NET Framework*.cmd;Microsoft .NET Framework*.bat;NDP*.exe;WMFDist*.exe;Social Club*Setup.exe;PhysX*.msi;PhysX*.exe;Microsoft .NET Framework 4.0.cmd;vc2010redist*.exe;*d3dx11*.cat;*d3dx11*.inf;setup_BattlEyeARMA2*.exe;prompt.bat;GDFInstall.exe;DSInstaller.exe;directx_jun2010_redist.exe;Windows*.msu;Windows*-KB*.exe;cmp.bat;AMD_DCOptSetup.exe;D3D11Install_2010.exe;PVRTexTool.exe;wmp11-windowsxp-x86-enu.exe;*.vdk;RGB9RAST*.msi;WIC*.exe;XPSEPC*.exe;msxml6.msi;AdbeRdr*.*;*inst*.vdf;UE3Redist*.exe;*.cab;*.msp;netfx35*.exe;vcredist*.msi;ac3filter*.exe;wmv*VCMsetup.exe;vc_red.msi;gfwlivesetup.exe;GamesExplorerIntegrationTool.exe;install.ini;globdata.ini;vcredist.bmp;vc_red.exe;install.exe;install.res.*.dll;eula.*.*;xnafx40_redist.msi;DSETUP.DLL;oalinst.exe;DXSETUP.EXE;dsetup32.dll;D3D*Install.exe;D3D*Install*.dll;dotnetfx*.exe;vcredist*.exe;dxwebsetup.exe;xnafx31_redist.msi;WindowsInstaller*.exe;amdcpusetup.exe;locdata.*.ini;setupres.*.dll;setup.exe;wapres.*.dll;NetFx*.rtf;NetFx*.msu;NetFx*.msi|RECURSE

    - Improved FileKey1
    
[steam Logs*]
Section=Games
Detect=HKCU\Software\Valve\Steam
Default=False
FileKey1=%ProgramFiles%\Steam|*.log;*log.last;connection_log_*.txt;*_log.txt;remote_connections.txt;vr*_*.txt|RECURSE
FileKey2=%ProgramFiles%\Valve\Steam|Steam.log
FileKey3=%ProgramFiles%\Valve\Steam\SteamLogs|*.log
FileKey4=%AppData%\SteamVR\Logs|*.*|REMOVESELF

    - Improved FileKey1
        
[softGrid Client*]
LangSecRef=3022
DetectFile=%AppData%\SoftGrid Client
Default=False
FileKey1=%AppData%\SoftGrid Client\Icon Cache|*.*
FileKey2=%AppData%\SoftGrid client|*.tmp|RECURSE
FileKey3=%LocalAppData%\SoftGrid Client|*.tmp|RECURSE
FileKey4=%CommonAppData%\Microsoft\Application Virtualization Client\SoftGrid Client|*.tmp|RECURSE

    - Added FileKey4
    
[Windows Live Photo Gallery*]
LangSecRef=3023
Detect=HKCU\Software\Microsoft\Windows Live\Photo Gallery
Default=False
FileKey1=%LocalAppData%\Microsoft\Windows Live Photo Gallery|*.*|RECURSE
RegKey1=HKCU\Software\Microsoft\Windows Live\Photo Gallery|galleryscopedfolders
RegKey2=HKCU\Software\Microsoft\Windows Live\Photo Aquisition\Camera|FinenameTemplate
RegKey3=HKCU\Software\Microsoft\Windows Live\Photo Aquisition\Camera|RootDirectory

    - Removed old FileKey1
    
[Windows Live Setup Logs*]
LangSecRef=3022
Detect=HKLM\SOFTWARE\Microsoft\Windows Live
Default=False
FileKey1=%CommonAppData%\Microsoft\WLSetup\Cablogs|*.*|RECURSE
FileKey2=%CommonAppData%\Microsoft\WLSetup\Logs|*.*|RECURSE
FileKey3=%LocalAppData%\Microsoft\WLSetup\Cablogs|*.*|RECURSE
FileKey4=%LocalAppData%\Microsoft\WLSetup\Logs|*.*|RECURSE
FileKey5=%CommonAppData%\WLInstaller|*.log

    - Added FileKey5

    
------------------------------------------------------------------------------
Removed Entries:

[Honey Logs*]
LangSecRef=3026
SpecialDetect=DET_MOZILLA
Default=False
FileKey1=%AppData%\Mozilla\Profiles\*|honey.log

    - Made redundant with firefox logs*

[Marionette Log*]
LangSecRef=3026
SpecialDetect=DET_MOZILLA
Default=False
FileKey1=%AppData%\Mozilla\Firefox\Profiles\*|marionette.log

    - Made redundant with firefox logs*
    
[Wondershare Video Converter Pro*]
LangSecRef=3023
Detect=HKLM\SOFTWARE\Wondershare\Wondershare Video Converter Pro
Default=False
FileKey1=%ProgramFiles%\Wondershare Video Converter Pro\Log|*.*|RECURSE
FileKey2=%ProgramFiles%\Wondershare Video Converter Pro\TempThumbDir|*.*|RECURSE
FileKey3=%CommonAppData%\Wondershare Video Converter Pro|*.dat.bak
FileKey4=%CommonAppData%\Wondershare Video Converter Pro\TempSiteIconDir|*.*|RECURSE
FileKey5=%CommonAppData%\Wondershare Video Converter Pro\TempThumbDir|*.*|RECURSE

    - Included in CCleaner V4.13

------------------------------------------------------------------------------


 

 

 

Share this post


Link to post
Share on other sites

Hey all,

A nice little update as always ...

 

So I am sitting here looking at some of the entries, especially the once with 

 

Detect=HKLM\SOFTWARE\Microsoft\Windows

 

This entries are very, very vague (in my opinion) and causes a lot of false hits on my system.
Cant we make this sort of entries more target specific and not "to whom running Windows"  ?

Share this post


Link to post
Share on other sites

So it does appear the FileKey1 is clearing the password.  My suggestion is that Winapp2.ini remove the FileKey1 line from this block of code so the password is not deleted.

No problem. :)

Share this post


Link to post
Share on other sites

updated

Nice update and thanks a lot as always.

You seems to have missed some stuff here though:

 

http://forum.piriform.com/index.php?showtopic=32310&view=findpost&p=248206

The TF2 entry and the Steam .cache entry.

 

http://forum.piriform.com/index.php?showtopic=32310&view=findpost&p=247312

FileKey 4 and 7

 

http://forum.piriform.com/index.php?showtopic=32310&view=findpost&p=248290

The whole post (?)

Hope I don't miss something here.

Share this post


Link to post
Share on other sites

New:

[HostsMan Cache and Backups*]
LangSecRef=3024
DetectFile=%CommonAppData%\abelhadigital.com\HostsMan
Default=False
FileKey1=%CommonAppData%\abelhadigital.com\HostsMan|*.dat
FileKey2=%SystemDrive%\Users\Public\Documents\HostsMan Backups|*.*|RECURSE
FileKey3=%WinDir%\System32\drivers\etc|HOSTS.bak
Spybot detects these as "Tracks" (what CCleaner would call "Crap"):
HKEY_USERS\S-1-5-21-799454219-351346908-2829438886-1000\Software\Microsoft\Windows Media\WMSDK\General|VolumeSerialNumber
HKEY_USERS\S-1-5-21-799454219-351346908-2829438886-1000\Software\Microsoft\Windows Media\WMSDK\General|ComputerName
HKEY_USERS\S-1-5-21-799454219-351346908-2829438886-1000\Software\Microsoft\Windows Media\WMSDK\General|UniqueID
Should these be added in winapp2? They didn't cause any problems for me and shouldn't because they are classified as Tracks. Would be nice if someone could create a rule since I have no clue about RegKeys.

Share this post


Link to post
Share on other sites

Hey all,

A nice little update as always ...

 

So I am sitting here looking at some of the entries, especially the once with 

 

Detect=HKLM\SOFTWARE\Microsoft\Windows

 

This entries are very, very vague (in my opinion) and causes a lot of false hits on my system.

Cant we make this sort of entries more target specific and not "to whom running Windows"  ?

 

Most of the ones that use a detect like that are for windows subsystem-relevant entries, but if you find any that can be more accurate with a detect, let me know. I'll take a look myself and see if I can make things a bit more percise.

 

Nice update and thanks a lot as always.

You seems to have missed some stuff here though:

 

http://forum.piriform.com/index.php?showtopic=32310&view=findpost&p=248206

The TF2 entry and the Steam .cache entry.

 

http://forum.piriform.com/index.php?showtopic=32310&view=findpost&p=247312

FileKey 4 and 7

 

http://forum.piriform.com/index.php?showtopic=32310&view=findpost&p=248290

The whole post (?)

Hope I don't miss something here.

 

The TF2 keys have their own entry now

 

 

[Team Fortress 2 Cache and Cookies*]
Section=Games
Detect=HKCU\Software\Valve\Steam\Apps\440
Default=False
FileKey1=%ProgramFiles%\Steam\SteamApps\common\Team Fortress 2\config\cookies|*.*|RECURSE
FileKey2=%ProgramFiles%\Steam\SteamApps\common\Team Fortress 2\config\html\AppCache|*.*|RECURSE
FileKey3=%ProgramFiles%\Steam\SteamApps\common\Team Fortress 2\tf\cache|*.*|RECURSE
FileKey4=%ProgramFiles%\Steam\SteamApps\common\Team Fortress 2\tf\materials\temp|*.vtf|RECURSE

 

since Steam is a platform and TF2 is a specific game.

 

 

New:

[HostsMan Cache and Backups*]
LangSecRef=3024
DetectFile=%CommonAppData%\abelhadigital.com\HostsMan
Default=False
FileKey1=%CommonAppData%\abelhadigital.com\HostsMan|*.dat
FileKey2=%SystemDrive%\Users\Public\Documents\HostsMan Backups|*.*|RECURSE
FileKey3=%WinDir%\System32\drivers\etc|HOSTS.bak
Spybot detects these as "Tracks" (what CCleaner would call "Crap"):
HKEY_USERS\S-1-5-21-799454219-351346908-2829438886-1000\Software\Microsoft\Windows Media\WMSDK\General|VolumeSerialNumber
HKEY_USERS\S-1-5-21-799454219-351346908-2829438886-1000\Software\Microsoft\Windows Media\WMSDK\General|ComputerName
HKEY_USERS\S-1-5-21-799454219-351346908-2829438886-1000\Software\Microsoft\Windows Media\WMSDK\General|UniqueID
Should these be added in winapp2? They didn't cause any problems for me and shouldn't because they are classified as Tracks. Would be nice if someone could create a rule since I have no clue about RegKeys.

 

The regkeys work a lot like file keys, but I'm not sure those are worth deleting (they seem to identify the computer, unsure as to whether this is a function of hostsman or a privacy concern). If someone else thinks they are, I have no issue making the regkeys.

Share this post


Link to post
Share on other sites

The TF2 keys have their own entry now

 

[Team Fortress 2 Cache and Cookies*]
Section=Games
Detect=HKCU\Software\Valve\Steam\Apps\440
Default=False
FileKey1=%ProgramFiles%\Steam\SteamApps\common\Team Fortress 2\config\cookies|*.*|RECURSE
FileKey2=%ProgramFiles%\Steam\SteamApps\common\Team Fortress 2\config\html\AppCache|*.*|RECURSE
FileKey3=%ProgramFiles%\Steam\SteamApps\common\Team Fortress 2\tf\cache|*.*|RECURSE
FileKey4=%ProgramFiles%\Steam\SteamApps\common\Team Fortress 2\tf\materials\temp|*.vtf|RECURSE
 

since Steam is a platform and TF2 is a specific game.

 

The regkeys work a lot like file keys, but I'm not sure those are worth deleting (they seem to identify the computer, unsure as to whether this is a function of hostsman or a privacy concern). If someone else thinks they are, I have no issue making the regkeys.

 

Yes, the Steam entry and the TF2 one where intended to be separated. Secondly the Regkeys have nothing to do with Hostsman. Sorry for making such messy posts. :)

The Regkeys belong to Windows Media Player I believe. Websites can identify the user using these keys and I don't think they have any other function.

Share this post


Link to post
Share on other sites

Thanks for the update. You forgot to fix [Windows System Profile*] entry.

http://forum.piriform.com/index.php?showtopic=32310&p=247987

http://forum.piriform.com/index.php?showtopic=32310&p=247617

 

Revised Entry

 

Removed from the entry and added into the [LocalSystem Cached Certification Files*] entry.

FileKey3=%WinDir%\System32\config\SystemProfile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content|*.*
FileKey4=%WinDir%\System32\config\SystemProfile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData|*.*

[Windows System Profile*]
DetectOS=6.0
LangSecRef=3025
Detect=HKCU\Software\Microsoft\Windows
Default=False
FileKey1=%WinDir%\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files|*.*|RECURSE
FileKey2=%WinDir%\System32\config\systemprofile\AppData\Local\Temp|*.*|RECURSE
FileKey3=%WinDir%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies|*.*|RECURSE
FileKey4=%WinDir%\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache|*.*|RECURSE
FileKey5=%WinDir%\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files|*.*|RECURSE
FileKey6=%WinDir%\SysWOW64\config\systemprofile\AppData\Local\Temp|*.*|RECURSE
FileKey7=%WinDir%\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies|*.*|RECURSE
FileKey8=%WinDir%\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache|*.*|RECURSE

Share this post


Link to post
Share on other sites

EDIT:

 

[AMD/ATI*]
LangSecRef=3024
Detect1=HKLM\Software\AMD
Detect2=HKLM\Software\ATI
Detect3=HKLM\Software\ATI Technologies
DetectFile=%ProgramFiles%\ATI Technologies\ATI.ACE
FileKey1=%CommonAppData%\AMD\Fuel|*.txt
FileKey2=%CommonAppData%\AMD\KDB|*.log
FileKey3=%LocalAppData%\AMD\Fuel|ClientProxyLog*.*
FileKey4=%LocalAppData%\ATI\ACE|*.txt
FileKey5=%ProgramFiles%\AMD\OverDrive|*.log
FileKey6=%ProgramFiles%\AMD\amdkmpfd|*.*|REMOVESELF
FileKey7=%ProgramFiles%\ATI\CIM\Reports|*.*
FileKey8=%ProgramFiles%\ATI Technologies|*.log|RECURSE
FileKey9=%ProgramFiles%\ATI Technologies|cccutil64.txt
FileKey10=%SystemDrive%\ATI|*.*|REMOVESELF
FileKey11=%SystemDrive%\AMD|*.*|REMOVESELF
FileKey12=%WinDir%\System32|CCCInstall*.log
FileKey13=%WinDir%\SysWOW64|CCCInstall*.log

 

Added FileKey 6

Share this post


Link to post
Share on other sites

New:

[HostsMan Cache and Backups*]
LangSecRef=3024
DetectFile=%CommonAppData%\abelhadigital.com\HostsMan
Default=False
FileKey1=%CommonAppData%\abelhadigital.com\HostsMan|*.dat
FileKey2=%SystemDrive%\Users\Public\Documents\HostsMan Backups|*.*|RECURSE
FileKey3=%WinDir%\System32\drivers\etc|HOSTS.bak

FileKey1 in this recommended New code breaks HostsMan's option to "Mark all updates as not installed" and then re-download all the updates and build a fresh HOSTS file.  I recommend that FileKey1 not be included.

Share this post


Link to post
Share on other sites

FileKey1 in this recommended New code breaks HostsMan's option to "Mark all updates as not installed" and then re-download all the updates and build a fresh HOSTS file.  I recommend that FileKey1 not be included.

I have the latest version of Hostsman but I can't find that option. Are you sure we are talking about the same program?

Share this post


Link to post
Share on other sites

additional info for @qsdewa incase if you still can't find that option

you need to select Option > Updater > "Display updater windows when doing manual update"

then do manual update

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...