Pour les utilisateurs

Fermer

Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Recherche
Recherche

Contacter-nous !
Support 24/24 | Rules regarding submitting

Envoyer un message

Requête à l'aide du formulaire

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -
Créer une nouvelle requête

Nous téléphoner

0 825 300 230

Profil

FR

RU CN DE EN ES FR IT JP KZ UZ PL BY
Fermer
Services support
Scanners
Dr.Web vxCube
Démo
Bibliothèque virale
Base documentaire

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Actualités

Trojan.Crossrider.27964

Added to the Dr.Web virus database: 2014-08-11

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • %WINDIR%\Tasks\748b0757-9e95-4f35-b739-3ce0d6ea483d-1.job
  • %WINDIR%\Tasks\748b0757-9e95-4f35-b739-3ce0d6ea483d-4.job
  • %WINDIR%\Tasks\temp_748b0757-9e95-4f35-b739-3ce0d6ea483d-2.job
  • %WINDIR%\Tasks\748b0757-9e95-4f35-b739-3ce0d6ea483d-2.job
  • %WINDIR%\Tasks\748b0757-9e95-4f35-b739-3ce0d6ea483d-11.job
  • %WINDIR%\Tasks\748b0757-9e95-4f35-b739-3ce0d6ea483d-3.job
  • %WINDIR%\Tasks\globalUpdateUpdateTaskMachineUA.job
  • %WINDIR%\Tasks\globalUpdateUpdateTaskMachineCore.job
Creates the following services:
  • [<HKLM>\SYSTEM\ControlSet001\Services\globalUpdate] 'Start' = '00000002'
Malicious functions:
Creates and executes the following:
  • '%PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d-4.exe' /mfoOei /ivGKDm='video MediaPlay-Air' /YroxogYLU='%PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d.xpi' /sywcXNlqN=59599 /ipMQcVy='001673' /tGavZZ='0' /jqrbnHI='0' /yZtwz=F8F7B49B3B2C4A3180CA53A2C2DB158AIE /sdOcnejp=929fc7040e698bf1e53458b422443acf /Mpuww=1_34_07_01 /tIDoOVcLd=1.34.7.1 /THRfeM=1409928263 /jbEPe=http://st###.#enstatsnet.com /AOqMEMKFI=http://er####.genstatsnet.com /TDlbtL=300 /omxhrzmX=ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com /ncagNs=0.95 /wMkepiDvb=aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599 /iibxsGtwM=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/59599.rdf /awdJubQ='video MediaPlay-Air' /ulVKHxcBF='MediaPlayerEnhance Extension' /xPCOk='enter' /PWGNFnVAw=ie /XRQmuSjbS='{"asw":[0, 0, 0]}' /BCgfKDZqT /GxINeoL /UFDleiqq /JeVlF='http://up####.genstatsnet.com/ff_agent_updates/{CAMP_ID}/update.json' /fSFLiTI /strmlzPp='installer' /MluqbclGU='%TEMP%\video MediaPlay-AirInstaller_1409928263.log'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /svc
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /handoff "appguid={31f4c0d1-dc1f-4f0d-b1cc-eaab2aefedeb}&appname=771afb66-8cd3-4862-9998-970bd9640a4a&needsadmin=True&lang=en" /installsource otherinstallcmd /sessionid "{775B981D-0AE3-4586-ABF0-9A09F7E8E425}" /silent
  • '%PROGRAM_FILES%\video MediaPlay-Air\video MediaPlay-Air-codedownloader.exe' /LxeTXzsIT /ivGKDm='video MediaPlay-Air' /sywcXNlqN=59599 /ipMQcVy='001673' /tGavZZ='0' /jqrbnHI='0' /yZtwz=F8F7B49B3B2C4A3180CA53A2C2DB158AIE /sdOcnejp=929fc7040e698bf1e53458b422443acf /Mpuww=1_34_07_01 /tIDoOVcLd=1.34.7.1 /THRfeM=1409928263 /jbEPe=http://st###.#enstatsnet.com /AOqMEMKFI=http://er####.genstatsnet.com /SbfFnn=http://js.###statsnet.com /PWGNFnVAw=ie /llaXMtNA='video MediaPlay-Air' /DNSYbH=http://js.####ntdemocloud.com /BCgfKDZqT /XRQmuSjbS='{"asw":[0, 0, 0]}' /strmlzPp=installer /MluqbclGU='%TEMP%\video MediaPlay-AirInstaller_1409928263.log' /fzoFppHyf='file://%TEMP%\nsw6.tmp\extensionData'
  • '%PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d-2.exe' /xBrjbvAJf /ivGKDm='video MediaPlay-Air' /sywcXNlqN=59599 /ipMQcVy='001673' /tGavZZ='0' /jqrbnHI='0' /yZtwz=F8F7B49B3B2C4A3180CA53A2C2DB158AIE /sdOcnejp=929fc7040e698bf1e53458b422443acf /Mpuww=1_34_07_01 /THRfeM=1409928263 /jbEPe=http://st###.#enstatsnet.com /AOqMEMKFI=http://er####.genstatsnet.com /fbKlMj=11111111-1111-1111-1111-110511951199 /PWGNFnVAw=ie /SXrXPZ /BCgfKDZqT /JeVlF='http://up####.genstatsnet.com/ie_enable_agent_updates/{CAMP_ID}/update.json' /strmlzPp='installer' /MluqbclGU='%TEMP%\video MediaPlay-AirInstaller_1409928263.log'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins3NzVCOTgxRC0wQUUzLTQ1ODYtQUJGMC05QTA5RjdFOEU0MjV9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezUzMzBEM0Q4LTk0RTktNDRDQy05MzU1LTc4RUE1OTA0RTQ4N30iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezMxRjRDMEQxLURDMUYtNEYwRC1CMUNDLUVBQUIyQUVGRURFQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMTA3Mjg5Njc2MCIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg==
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins3NzVCOTgxRC0wQUUzLTQ1ODYtQUJGMC05QTA5RjdFOEU0MjV9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezdCNEQzQkMwLUMzMDAtNEI5NS04MEU5LURGOENFMTk3RTcyNX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yNS4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48L2FwcD48L3JlcXVlc3Q-
  • '%PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d-3.exe' /uhqIvkdxV=pwlMnXJx8kSfcDMgKmG/kUuVeL2Eg6/b+n+oKmfT3gC3HjA59IfJqsP7tNduTHOKi0jggVP4GJQKob4lih/DvH7oFXh38kpvmHM1PhOaH4b/Tn3sgRI1GBCwFnLwjeIL51Lx+fxjeh5PSu3SAXSHFJR47mLuuw6I3HS31nSggjNisNN0ZG1g8fYLGO03OoEuE55GdbL0Tits9VVTk0OXQTSK2I61sIiXBTP6kM50KyLYYL1tlTSwVLlhGCMbEJ30nUz8FRgF539kTJjvZNOFDp58SXgAG0ehazhcSYEBfcOKqeWa2jiBrVGNb9YKTXPjEQ8DK2fLxdey8ok6O4IXaXjejiE8cGE7A//dv1F+QTsO6udd2zCX+1gsnogqGjvnmRfKnzaApo0oRmBnXGJEbMo9XAAkvmya08SrSCpjrXiZxr/XOHE5iQiDq7aMLsJN66tXmUQxoCJoS0BQEGXlmu6SotVBWunuDBCixpMzll0ZWuggzzLZqFormq31la2ZP0kBeSNAJ6PMfhqir13pEAZAgBGdGau/vihxebwbylTwIcUTjd9OHtlbvJZIPVYFfv5qu4+qKtM6/zIqbgNojP27niVNkg0SUZXwGWaGHsjB2r1nrQv1rSD/9JNHDCZp99IM+opxzVKb/eihwiCtFhbXZ2crJTDdDMFivu1r6y8zg76oskRzn/mLZ7RbQq27uAQQMuGU7HJr2Zfcn+ObS9g3o/QDVpkLD1OlvnLBIVc4kW8RS8wk5GeaK9OmLE85ntqMKwzRyZB9cSU9V5/9oeM2lnKlTvVpu/V4toAxaSnIjhNAL6yHVdrBtSKUyWx0PXVTQvF2qC/xd7CoACKr0qBMuNXrx/UN79Lb1qrCk9+UaODxk1PC71JNWc3gKMvYdswp+8wJS0bWq+RGsJjbRVDibWWgjIwgR/NiSKM00AuIB2NrUD1klReQ1VvSmw1U7ro/7aihJilsju93XYACCQ1Gkv1a6cQwQMDWdGX00jBlFmwTVkxpfL5ia70CrBAwZ89zW/30ge6Bz+2PVPOii6aBJ3ZnDtcL4T2ZcT2MFCDd0Gnu21HBbYFc960BSOkejfcaJ1/SbSlLjGhKg4Ijs+FvqZTDZXENpm95x8eS/TqyWCnnXHPl+ePTxj8gIRKX6mltUDu/IWW3dMhz4HqX4/iu4O5DwvKqLEsjID8PMTVLf0zjZp2d4Qx4cFyDPXk/ahZp3/GRKZPxhSarlhom6ZYqjMX/KM8KjDp8Auev0B5+MQWUJlXm22Y8UxhvQCSQxa4ID6+BGewD0MytM6GSgi4/MmfQ8QINpbBonxgM76VO+QijfCp+n1X4cUufdF8POFOCwLzpN4dPsMlsBvpn6QE36u51bLh5duVjkTwuQtAY9QVHs/Wvh5LlBZ6vm5tfeoiQSt8A5ZEoLaezqgMB+J5RacMH6537NHJvDKFWuaqBRbrsb+akn2kFddr8kOEflX+rmIST4N13XGH0GaZQOzJvvlwHZzLAxm/oPn7VtzkZiGjB7NUCW83Sqdyw91CE
  • '%TEMP%\comh.161999\GoogleUpdate.exe' /silent /install "appguid={31f4c0d1-dc1f-4f0d-b1cc-eaab2aefedeb}&appname=771afb66-8cd3-4862-9998-970bd9640a4a&needsadmin=True&lang=en"
  • '%TEMP%\nsx3.tmp\Yqfvgvozsaf.exe'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regserver
  • '%PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d-11.exe' /uhqIvkdxV=KA1bkNtDiqUgxA9tw+QNSmioYsAZIEsswplvR2nonHuab45V2Wl8eLDgsGw4/2Up4xfrn8MZu2siw7sh9I+s1y5BJSCqiUSH1oUy+GJ5ae0ZVfHKminJmyI/UILG8FtHSy6gfWdlksb5CE86tHZnczEA6PzXWue7qbonUNBTSF1nYswdCFT29oBeHdnAnxBLi8JbOEL3NR/SOa10ifebjOrlqyBhDpRFsUawS/+vrzkLE0Nh76XPA+vHGIS2NCgSGLx/aTHt+jflEggibA4O/OtplcYKGnwwt5ow12ddS/NxY24WdKkQ2PuO3u3HboVyUanPzE04ix2FvXR53rjrYCiv7NFiYEgRWDrgkFvQ+L94P0gIMlmKxrp0/uVcbRCKPW7YGpKXiQ9u0Xi3TY4agvSfzxB9gkaqXRbRRJP4GCzIXc8qBhy/Yr8OIgqv6g+o0W/R0eIRJHpEDXuQyNHDWkWcTR4kzWJDBgcKCrBceoX+yHVAQ/HXib5RYieQ7mncfSkqV0RUB3Ej+uSu6Ma2M2aiFQaVGfAj2MNNrBhlBNu1j3xcywA+Et3tgwZn64eFVocSpdjAc8qhSr5cIetti2pSBZiTNtojVo5Vi6rmNz5PKL8F0KTZ7jZdxhlM21LWwl675oOSRC6kPhhb8pfNL0o7y9geS0GGI5/u2ppFKJURECeYlPqneqT61FhoFPM1pSF0hIkb0OUqFcPaNg3cELXzm2tqD82HGEOxJsSxpQttl9qtJRTi91E+iJXMofP5+SIH/ZXfwG5Bw4OLHBrW8ABj3UdDGKk20G4SyQO3PvmGj2qxKrTR6Um80w6Qi+sMJBiauK95HBtc393Yd73j9B24fJxsoFewJhUN+u5++E4mVesTLtQvKYBXmsFg1gQxSuOLY+AUilpjlhb+fxvU8zkeltMzAQvGFd8VrPKZkQcpTeqfsO1QSe7lMJGSHKU0mrX6wQ+yJEXagXADzi1lyvYcsMCG+RkuNhJwLbfpcZJbALujmavzUDME1pC1frgPlt2vs4DPwfR6rKl07fUGrrH6CEmvdoMF8dT+JM6+pePAc5TPfNdfFuSQu9kzzcRVWfy34f+z+zZ7aIM+P458MJHIeWmnYFEx3p1QgPCj+/M7Ji4raPDbMYSO25Tcg+z79xHP36yaVaEXuYaJHlxEKnTBayKnzYBA2LCq2PaPC+cWoLV40InyAad7icARS5BT1ZCoytd6cIsPLQyPwFKX19uP17epAR4r2+4Y1NdGuS+G+csquYTG0Gk1WWVyCgihBhlgZVMogpSRv0lt3aAhoHZgYTA/71fVQc3XpLp6XYutNYymoC7RE9BbcBHvIeq2QOU1kdsAjRVQUpQmZy/K+GNYsozZRC7KOp0tYPMVMBR5C1Htqpym10PMwE5aPWpqmDD55hBfbuXUXMVlGWw4o8Y/kyHakFL6HvbdFx2u0GBfQIvfnBwZO4g2H96iuYv5PnIDVJYEotPrQlWerTgBADCoVToxWGoEoy2iddPAgHZOKbuklv9DVfiqJ1Mx2A20gUfiBAhMMxx35WAVpkjQxvbd2hv93lYYBdwrSRUVC7R7jtCj2DLl5JzN2CbnJFrL9X/gRql2rElgFY3y7FZAXqKa+gwyXHC1A0LjJglMLqK2ITjpF1TkWcLNdd9R/uApF649wswY9wQqcUIVmURajpqkRuwEVmxIlzkd1tznQ6zH6D6ogBwoiB2MqQz9YCKCFmWvvvwEzopu1HaIINGg5NgiI73uWAby9eLsn7zkZ60ZEpZBaXmRl9QAhAtf5wANowmUCNqXK1suHrFhrpEHd49DEpWzY/eHibJsFdmHX41dRGZxMT4jgoLFQBto/jNa5HobgSrdSype7y636FJR1g==
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regsvc
Executes the following:
  • '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\video MediaPlay-Air\video MediaPlay-Air-bho.dll"
  • '<SYSTEM32>\msiexec.exe' /V
Terminates or attempts to terminate
the following user processes:
  • chrome.exe
  • opera.exe
  • iexplore.exe
  • firefox.exe
Modifies file system :
Creates the following files:
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\08161b4bf624918ff95b0ae3274116e5.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\c2e3d7d41e2b142b111cb1adccd3c1a3.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\9f6f01aaf37648b10504d662a58ad8b3.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\c8794cf532466c776c8d1af8f26bf946.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\popup.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\icon48.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\e5a882b5e42d21a196a2d4f2ee08eb25.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\87a74ed7a737d781eea17755c58628c9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\524577a93f16ec497926fa59c23d2da4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\c458fd7104e5d45d80be5701b937555c.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\9727637962661d35a7b30c247e369032.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\0b10da64c2571478d6cc1dba8f02a3bc.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\71a703753cb289a357123b75eb32d4e3.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\528ed0d0b009f0bd1f2517e22f575cdc.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\b1a38ecef906d5c7d71450dd0ed48196.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\crossrider_statusbar.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\icon128.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\panelarrow-up.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\button4.png
  • %TEMP%\nsw6.tmp\extensionData\plugins.json
  • %TEMP%\nsw6.tmp\extensionData\manifest.xml
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\icon16.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\button5.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\button2.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\update.css
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\skin.css
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\button1.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\button3.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\icon24.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\777fbcd3f9ebf81435900e71d2fe8ac7.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\c8fd17d8755b46ff5237f0978a21e44d.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\db757cca67543d3c80671d38521f8940.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\9ced5f09e6d906261acfc99c940c71b3.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\c3a4491b01c1a8e933073150b02b807d.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\8611ab9375a1ad21394dea477dbf4f4e.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\dafd04f5ff2a237a2128cdbd91ea9a04.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\0cfd644b5b55d227943dbdef71a6b871.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\browser.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\options.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\7e09960f4bfbf21fe8c47eee1517f2e8.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\3858d856817ae700ce2800c84edb450e.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\897dfb5454353a140545222f279bbb8a.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\e8e28236960455d113186345541aa663.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\536f11f5a8ac5831a2ab36c924b4262b.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\cbe29ee5186fa8abdace37c95f9e4fc4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\2985b594fd5e2a9acb55dde5698b6d6a.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\986e1cd70ed8068350488024df5c39e5.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\b9dae09236f7784f8234b81a8c346dd2.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\b7b80e363841aeb4cb68deb1608595d5.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\c388f13fd54528905b5f8c89d5e7d73f.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\ff7ffc9d22894e312afc73253f5704db.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\8b78df481931d0bedef9e81ec76eb7b2.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\f79c1349fc5344f89d33e08ea83549c6.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\5afd05159965f643fa08f991905e24ce.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\installer.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\47d32758fb13ec7fcc80faf7ef71b297.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\18275cf4487ea431a34c880b0ffcc8be.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\04635408c98d16c6f08af6759f17c56e.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\6dd31ba0bcc03046e6134fb92a2d03a5.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\43.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\42.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\41.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\44.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\47.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\46.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\45.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\40.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\36.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\35.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\3.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\37.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\4.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\39.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\38.js
  • %PROGRAM_FILES%\video MediaPlay-Air\video MediaPlay-Air-bho.dll
  • %TEMP%\nsw6.tmp\extensionData\userCode\extension.js
  • %TEMP%\nsw6.tmp\extensionData\userCode\background.js
  • %PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d-2.exe
  • %PROGRAM_FILES%\video MediaPlay-Air\video MediaPlay-Air-codedownloader.exe
  • %PROGRAM_FILES%\video MediaPlay-Air\video MediaPlay-Air-bg.exe
  • %PROGRAM_FILES%\video MediaPlay-Air\background.html
  • %TEMP%\nsw6.tmp\extensionData\plugins\94.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\72.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\7.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\64.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\78.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\93.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\91.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\9.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\191.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\184.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\183.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\193.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\207.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\2.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\195.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\182.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\104.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\102.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\1.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\13.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\177.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\17.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\14.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\263.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\262.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\246.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\269.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\287.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\281.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\28.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\244.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\22.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\211.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\21.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\220.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\242.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\226.js
  • %TEMP%\nsw6.tmp\extensionData\plugins\221.js
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB
  • %PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d-3.exe
  • %TEMP%\Cab7.tmp
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA
  • %TEMP%\nsw6.tmp\ExecDos.dll
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdate.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe
  • %TEMP%\comh.161999\psuser.dll
  • %PROGRAM_FILES%\video MediaPlay-Air\f90c4a98-8578-428c-a934-eb0287491d44.crx
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
  • %PROGRAM_FILES%\video MediaPlay-Air\1293297481.mxaddon
  • %WINDIR%\Installer\3e792.msi
  • %PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d.crx
  • %PROGRAM_FILES%\video MediaPlay-Air\f4fe4caf-f5ba-40f2-ade8-c0c1c522074f.crx
  • %PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe
  • %TEMP%\CabB.tmp
  • %TEMP%\Cab9.tmp
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdateres_en.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psmachine.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psuser.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi
  • %TEMP%\nsw6.tmp\InstallerUtils2.dll
  • %TEMP%\nsw6.tmp\InstallerUtils.dll
  • %TEMP%\nsw6.tmp\System.dll
  • %TEMP%\nsw6.tmp\nsisos.dll
  • %TEMP%\nsw6.tmp\inetc.dll
  • %TEMP%\nsw6.tmp\UserInfo.dll
  • %TEMP%\nsw6.tmp\md5dll.dll
  • %TEMP%\nsw6.tmp\StdUtils.dll
  • %TEMP%\nsx3.tmp\Hozehxaom.tmp
  • %TEMP%\nsx3.tmp\System.dll
  • %TEMP%\nss2.tmp
  • %TEMP%\nsx3.tmp\WrapperUtils.dll
  • %TEMP%\nsb5.tmp
  • %TEMP%\nsx3.tmp\StdUtils.dll
  • %TEMP%\nsx3.tmp\Yqfvgvozsaf.exe
  • %TEMP%\comh.161999\GoogleUpdateOnDemand.exe
  • %TEMP%\comh.161999\GoogleUpdateHelper.msi
  • %TEMP%\comh.161999\GoogleUpdateBroker.exe
  • %TEMP%\comh.161999\goopdate.dll
  • %TEMP%\comh.161999\psmachine.dll
  • %TEMP%\comh.161999\npGoogleUpdate4.dll
  • %TEMP%\comh.161999\goopdateres_en.dll
  • %TEMP%\comh.161999\GoogleUpdate.exe
  • %PROGRAM_FILES%\video MediaPlay-Air\utils.exe
  • %TEMP%\nsw6.tmp\update.json
  • %TEMP%\nsw6.tmp\48566
  • %TEMP%\comh.161999\GoogleCrashHandler.exe
  • %PROGRAM_FILES%\video MediaPlay-Air\Uninstall.exe
  • %TEMP%\nsw6.tmp\399312
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\64.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\287.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\220.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\191.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\193.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\184.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\72.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\262.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\14.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\104.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\177.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\246.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\22.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\263.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\dialog.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\options.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\userCode\background.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\background.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\3533183ba8a71e6c841526ee0fee1166.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\search_dialog.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\ffCoreFilesIndex.txt
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\userCode\extension.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\17.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\78.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\102.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\47.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\207.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\98.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\13.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins.json
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome.manifest
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\defaults\preferences\prefs.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\manifest.xml
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\268.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\28.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\183.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\locale\en-US\translations.dtd
  • C:\Config.Msi\3e795.rbs
  • %WINDIR%\Installer\MSID.tmp
  • %PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d-11.exe
  • %TEMP%\MSI3f31b.LOG
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\install.rdf
  • %PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d-4.exe
  • %PROGRAM_FILES%\video MediaPlay-Air\748b0757-9e95-4f35-b739-3ce0d6ea483d.xpi
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\21.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\281.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\7.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\182.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\195.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\1.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\242.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\244.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\211.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\226.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\221.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\91.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\16.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\93.js
Deletes the following files:
  • %WINDIR%\Installer\3e792.msi
  • C:\Config.Msi\3e795.rbs
  • %WINDIR%\Installer\3e794.ipi
  • %WINDIR%\Tasks\temp_748b0757-9e95-4f35-b739-3ce0d6ea483d-2.job
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
  • %TEMP%\Cab7.tmp
  • %TEMP%\nsw6.tmp\399312
  • %TEMP%\Cab9.tmp
  • %WINDIR%\Installer\MSID.tmp
  • %TEMP%\CabB.tmp
Network activity:
Connects to:
  • 'ts####.ws.symantec.com':80
  • 'cr#.#hawte.com':80
  • 'localhost':1047
  • 'localhost':1053
  • 'localhost':1048
  • 'er####.genstatsnet.com':80
  • 'up####.genstatsnet.com':80
  • 'st###.#enstatsnet.com':80
  • 'www.download.windowsupdate.com':80
  • 'lo##.##nstatsnet.com':80
TCP:
HTTP GET requests:
  • up####.genstatsnet.com/omaha/31F4C0D1-DC1F-4F0D-B1CC-EAAB2AEFEDEB/1/update.xml?ra#######################################################################################################################################################################################
  • up####.genstatsnet.com/omaha/430FD4D0-B729-4F61-AA34-91526481799D/1/ping.xml?ra#######
  • ts####.ws.symantec.com/tss-ca-g2.crl
  • up####.genstatsnet.com/omaha/31F4C0D1-DC1F-4F0D-B1CC-EAAB2AEFEDEB/1/update.xml?ra#######
  • up####.genstatsnet.com/omaha/31F4C0D1-DC1F-4F0D-B1CC-EAAB2AEFEDEB/1/ping.xml?ra#####
  • up####.genstatsnet.com/omaha/31F4C0D1-DC1F-4F0D-B1CC-EAAB2AEFEDEB/1/ping.xml?ra#######
  • lo##.##nstatsnet.com/monetization.gif?ra#####################################################################################################################################################################
  • st###.#enstatsnet.com/installer.gif?ac####################################################################################################################################################################################################################################################################################################################################################################################################################################
  • er####.genstatsnet.com/installer-error.gif?ac########################################################################################################################################################################################################################################################################################################################################################################################################
  • up####.genstatsnet.com/installer_updates/001673/update.json
  • lo##.##nstatsnet.com/monetization.gif?ev######################################################################################################################################################################################################################################################################
  • cr#.#hawte.com/ThawteTimestampingCA.crl
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
UDP:
  • DNS ASK www.download.windowsupdate.com
  • DNS ASK cr#.#hawte.com
  • DNS ASK ts####.ws.symantec.com
  • DNS ASK lo##.##nstatsnet.com
  • DNS ASK up####.genstatsnet.com
  • DNS ASK er####.genstatsnet.com
  • DNS ASK st###.#enstatsnet.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Recommandations pour le traitement

  1. Si le système d'exploitation peut être démarré (en mode normal ou en mode sans échec), téléchargez Dr.Web Security Space et lancez un scan complet de votre ordinateur et de tous les supports amovibles que vous utilisez. En savoir plus sur Dr.Web Security Space.
  2. Si le démarrage du système d'exploitation est impossible, veuillez modifier les paramètres du BIOS de votre ordinateur pour démarrer votre ordinateur via CD/DVD ou clé USB. Téléchargez l'image du disque de secours de restauration du système Dr.Web® LiveDisk ou l'utilitaire pour enregistrer Dr.Web® LiveDisk sur une clé USB, puis préparez la clé USB appropriée. Démarrez l'ordinateur à l'aide de cette clé et lancez le scan complet et le traitement des menaces détectées.
Version démo gratuite

 

Télécharger Dr.Web

Par le numéro de série

Veuillez lancer le scan complet du système à l'aide de Dr.Web Antivirus pour Mac OS.

Version démo gratuite

 

Télécharger Dr.Web sur le site

Par le numéro de série

Télécharger Dr.Web sur l'Apple Store

Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

Version démo gratuite

 

Télécharger Dr.Web

Par le numéro de série

  1. Si votre appareil mobile fonctionne correctement, veuillez télécharger et installer sur votre appareil mobile Dr.Web pour Android. Lancez un scan complet et suivez les recommandations sur la neutralisation des menaces détectées.
  2. Si l'appareil mobile est bloqué par le Trojan de la famille Android.Locker (un message sur la violation grave de la loi ou la demande d'une rançon est affiché sur l'écran de l'appareil mobile), procédez comme suit:
    • démarrez votre Smartphone ou votre tablette en mode sans échec (si vous ne savez pas comment faire, consultez la documentation de l'appareil mobile ou contactez le fabricant) ;
    • puis téléchargez et installez sur votre appareil mobile Dr.Web pour Android et lancez un scan complet puis suivez les recommandations sur la neutralisation des menaces détectées ;
    • Débranchez votre appareil et rebranchez-le.

En savoir plus sur Dr.Web pour Android

Free trial

14 days

Download now
Get it on Google Play