Adware.Ebuyer
*file
C\Windows\System32\Tasks\e-Buyer Updater
C\Users\{USERNAME}\AppData\Local\ebuyer\ebuyer\1.4.4.4\res.dll
C\Users\{USERNAME}\AppData\Local\ebuyer\ebuyer\1.4.4.4\fobkbCag.dll
C\Users\{USERNAME}\AppData\Local\ebuyer\ebuyer\1.4.4.4\ebuyerup.exe
C\Users\{USERNAME}\AppData\Local\ebuyer\ebuyer\1.4.4.4\ebuyer.exe
C\Users\{USERNAME}\AppData\Local\ebuyer\ebuyer\1.4.2.5\res.dll
C\Users\{USERNAME}\AppData\Local\ebuyer\ebuyer\1.4.2.5\eemrfpbm.dll
C\Users\{USERNAME}\AppData\Local\ebuyer\ebuyer\1.4.2.5\ebuyerup.exe
C\Users\{USERNAME}\AppData\Local\ebuyer\ebuyer\1.4.2.5\ebuyer.exe
*reg_key
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | e-buyer
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ebuyer
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ishop
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30C4DE80-461B-426C-88D2-BF1A66C6627A}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-Buyer Updater
*reg_val
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | ebuyer.exe
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | ebuyerup.exe
Adware.SmartCloud
*file
C\Program Files\SmartCloudInput\1.0.9.0119\SCCloud.exe
C\Program Files\SmartCloudInput\1.0.9.0119\SCMiNi.exe
C\Program Files\SmartCloudInput\1.0.9.0119\SCMutual.exe
C\Program Files\SmartCloudInput\1.0.9.0119\SCService.exe
C\Program Files\SmartCloudInput\1.0.9.0119\SCTool.exe
C\Program Files\SmartCloudInput\1.0.9.0119\SCUninst.exe
C\Program Files\SmartCloudInput\1.0.9.0119\SCUtil32.exe
*reg_key
HKLM\SOFTWARE\Classes\SmartCloudPYImeDictFile
HKLM\SOFTWARE\Classes\SmartCloudPYImeSkinFile
HKLM\SOFTWARE\SmartCloud
HKLM\SOFTWARE\SmartCloudInput
HKLM\SOFTWARE\SmartCloudService
HKLM\SYSTEM\ControlSet001\Services\SmartCloudIMEV1
HKLM\SYSTEM\CurrentControlSet\Services\SmartCloudIMEV1
Trojan.Ghapoly, BestCleaner
Trojan.TCClock, PDFCracker
