Pour les utilisateurs

Fermer

Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Recherche
Recherche

Contacter-nous !
Support 24/24 | Rules regarding submitting

Envoyer un message

Requête à l'aide du formulaire

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -
Créer une nouvelle requête

Nous téléphoner

0 825 300 230

Profil

FR

RU CN DE EN ES FR IT JP KZ UZ PL BY
Fermer
Services support
Scanners
Dr.Web vxCube
Démo
Bibliothèque virale
Base documentaire

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Actualités

Trojan.Crossrider.23061

Added to the Dr.Web virus database: 2014-06-15

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • %WINDIR%\Tasks\4dee1783-8e49-44d5-98e3-e9cb592f1f59-1.job
  • %WINDIR%\Tasks\4dee1783-8e49-44d5-98e3-e9cb592f1f59-4.job
  • %WINDIR%\Tasks\temp_4dee1783-8e49-44d5-98e3-e9cb592f1f59-2.job
  • %WINDIR%\Tasks\4dee1783-8e49-44d5-98e3-e9cb592f1f59-2.job
  • %WINDIR%\Tasks\4dee1783-8e49-44d5-98e3-e9cb592f1f59-11.job
  • %WINDIR%\Tasks\4dee1783-8e49-44d5-98e3-e9cb592f1f59-3.job
  • %WINDIR%\Tasks\globalUpdateUpdateTaskMachineUA.job
  • %WINDIR%\Tasks\globalUpdateUpdateTaskMachineCore.job
Creates the following services:
  • [<HKLM>\SYSTEM\ControlSet001\Services\globalUpdate] 'Start' = '00000002'
Malicious functions:
Creates and executes the following:
  • '%PROGRAM_FILES%\PlusHD-V1.3\4dee1783-8e49-44d5-98e3-e9cb592f1f59-4.exe' /fSLpVFQ /pnpuU='PlusHD-V1.3' /jMXYmOLPX='%PROGRAM_FILES%\PlusHD-V1.3\58360.xpi' /VBtgVUai=58360 /yONuOQk='001344' /xchAEhtO='0' /XDCLUj='0' /xmnFNyyvw=A3F87E42F7CF4EAF965D35E85F1F4864IE /ehSybsdsG=b62e2ab7dfb08facad8cee6131966e37 /faQHx=1_34_06_10 /bJOvGamW=1.34.6.10 /GLBYx=1410234264 /BylaF=http://st###.#atagenserv.com /ignLS=http://er####.datagenserv.com /ASTVjoKh=300 /PvVSdVbDP=ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com /xChukZi=0.94 /aYSwe=aba9147e3ae8c4ced9c9a240425bd7d8e6ddffb66c97442d787529e6a4ec073b0com58360 /GqLfwW=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/58360.rdf /yfwuQP='PlusHD-V1.3' /cIDbdE='Turn YouTube videos to High Definition by default' /uqWvs='PlusHDv' /RLwUc=ie /CSusfCARE='{"asw":[0, 0]}' /zuOTFLyah /QZjNMuvP /lwZeLiPA /xbgVPe='http://up####.datagenserv.com/ff_agent_updates/{CAMP_ID}/update.json' /MYHWTGga /FDDyvKhbM='installer' /tjYerIl='%TEMP%\PlusHD-V1.3Installer_1410234264.log'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /svc
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /handoff "appguid={d6cc5db5-49e6-4be3-891b-d84dada8fbea}&appname=420091d4-2aad-4fd4-831a-52aec314a47b&needsadmin=True&lang=en" /installsource otherinstallcmd /sessionid "{ECC56D2A-6747-4D33-9123-601C86CD6D57}" /silent
  • '%PROGRAM_FILES%\PlusHD-V1.3\PlusHD-V1.3-codedownloader.exe' /imNsojua /pnpuU='PlusHD-V1.3' /VBtgVUai=58360 /yONuOQk='001344' /xchAEhtO='0' /XDCLUj='0' /xmnFNyyvw=A3F87E42F7CF4EAF965D35E85F1F4864IE /ehSybsdsG=b62e2ab7dfb08facad8cee6131966e37 /faQHx=1_34_06_10 /bJOvGamW=1.34.6.10 /GLBYx=1410234264 /BylaF=http://st###.#atagenserv.com /ignLS=http://er####.datagenserv.com /RLhsf=http://js.###agenserv.com /RLwUc=ie /PGtEGWvMx=http://js.####ntdemocloud.com /zuOTFLyah /CSusfCARE='{"asw":[0, 0]}' /FDDyvKhbM=installer /tjYerIl='%TEMP%\PlusHD-V1.3Installer_1410234264.log' /BpLWKnr='file://%TEMP%\nsf6.tmp\extensionData'
  • '%PROGRAM_FILES%\PlusHD-V1.3\4dee1783-8e49-44d5-98e3-e9cb592f1f59-2.exe' /Izcof /pnpuU='PlusHD-V1.3' /VBtgVUai=58360 /yONuOQk='001344' /xchAEhtO='0' /XDCLUj='0' /xmnFNyyvw=A3F87E42F7CF4EAF965D35E85F1F4864IE /ehSybsdsG=b62e2ab7dfb08facad8cee6131966e37 /faQHx=1_34_06_10 /GLBYx=1410234264 /BylaF=http://st###.#atagenserv.com /ignLS=http://er####.datagenserv.com /vHsDt=11111111-1111-1111-1111-110511831160 /RLwUc=ie /xGUzC /zuOTFLyah /xbgVPe='http://up####.datagenserv.com/ie_enable_agent_updates/{CAMP_ID}/update.json' /FDDyvKhbM='installer' /tjYerIl='%TEMP%\PlusHD-V1.3Installer_1410234264.log'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntFQ0M1NkQyQS02NzQ3LTREMzMtOTEyMy02MDFDODZDRDZENTd9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezEzNTdCMzE5LTA0NjQtNEEzMi05NkVELUEyNkRFMkEzOTg3RX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0ie0Q2Q0M1REI1LTQ5RTYtNEJFMy04OTFCLUQ4NERBREE4RkJFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMTA3Mjg5Njc2MCIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg==
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntFQ0M1NkQyQS02NzQ3LTREMzMtOTEyMy02MDFDODZDRDZENTd9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0FDOTkzNEY2LThCNTktNDc5OS1BMjdDLTMxNTMzMTQ0OUQ0OX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yNS4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48L2FwcD48L3JlcXVlc3Q-
  • '%PROGRAM_FILES%\PlusHD-V1.3\4dee1783-8e49-44d5-98e3-e9cb592f1f59-3.exe' /fkVFpeRC=dSIvQ7dT9/uPoi7oHFl5cOIT87m7BSo11DkWhy710Jpw5n2JGpJxQsM5+tht+wW2m8iXdelCF8ymUigEGjigOChsAmAQIk2eu5iMkT8Af0enSk1MGtksxiT2c9P2yqpaStOzGbSgpWqRqKWYlqCMDO1soRgN/HVK8YoM4ZO1kGfC/mjTb8Lq9jmHnvUoET41aDYl/C3jmBwijPrday2Wj70vP60bgN7KG21n8JHhaJ3sOM/9Z96kr3ikTV68Cy5/S8bk11yqT81GyNXoWkI8J1BIHULqFvcfkK39ERUpmJQK7jdQFtbjozlm3k0GXIenjkCXhi2+dW1FoCm3ozn0eSlu/TOl0kPiZFtDZUMWLs0Rc4YNYebR4RZkqW2Tjd8OmU8o2Riz3xj/Vf4pp0E5vQdPtF5hQRzC/MqHLFtINTUs1UAeXSxLWbtcGHbTrv7fuz7VZmCm2u1weFituNeL2xwV/vWRDIK1jsVodfCJx+PRuN45X8yGbPy45n6y5Za6XC+I+M7PfkdvkY/TZqzZ/vkeUy7psVBJTy0yAsNKo9WLTyXruJPZwwAR4hY8xbwP6pOh+Ww9vhyFRXELSu0ZHv4tsKhNkBZSR11onlXXDTTsdJ+RVbqftSCvIuBQKwyX3nNJ50kxAPtiCLIasjtrqueIrzZmOabmDFSwc71W3PmhEHd1Spwxt5Q6voCvE9kFqvAQu6RkwWJvcW1A9XGADDBU/Ut5gG9FhaH6A4kdL4vwVPV1pPJqLeyiza615KH/vyG2nCdN+tfkVlLYqZNaUhj+0suiZkr7tTsBhkUTZJ+iHOrHKRFD/uKcgWUEVAqzYl07jjTPlHVgJzh51UW7J1oaWS2mTggt8A4pv2CtDEiRWlTZQmtiBaSQnQJZo8Aa0qXe3ABGdalVrnNDRRf9T9Ygr2RTFJW7ZCsPjTR/1nby45qqO90KPYJqqy8BuXJ/s9TJO39YF+koJ1PGaeP+Y3tq/cmyImJ+PXRslCeZNiOX7jLqLKNMR/OXhdhjjC/nEDfZSKAbancq4e6irzRQf2KZ1hqs3Z5PL076EwK8fzSVdCThQJF5w4h3OTnnLEQpszVwFxusmnGaC/X4vQtaH3PzVCRzUeu5uA1IFhoTBExP5vXDd7UmFYkcYvyQRxafARORDWEi+EP9pVbpzzqMW+RukCOa7fr0qxjxbeanTV8US+A/nmyjQWP0KaI4I7uonW/bFI51wFWMaf82Tqfnn6+3Ybn4KMHgDMER7yiCmy0pJb6ObWYbxxq3oKWC8/YUY/tnKU8dpOwvveCN0vJDyFlng0hbiYrTlzgjNf9Hsp2mxk2+/DbR1HtalcIyWgrDN8uGggeeiKNsem3UeE7yqg==
  • '%TEMP%\comh.68476\GoogleUpdate.exe' /silent /install "appguid={d6cc5db5-49e6-4be3-891b-d84dada8fbea}&appname=420091d4-2aad-4fd4-831a-52aec314a47b&needsadmin=True&lang=en"
  • '%TEMP%\nsj3.tmp\Jkcceyevwa.exe'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regserver
  • '%PROGRAM_FILES%\PlusHD-V1.3\4dee1783-8e49-44d5-98e3-e9cb592f1f59-11.exe' /fkVFpeRC=f5v+hmnbCngO9oxKmT5Unu2FW30ZuBSpjVkbPY8utynJEhp0qnaXZvfF19p5T8Se+cDWw0SF2TIDZAkci11Cm33Wm8IcQMJnD54KqSzZJTFsg1bg2jRUJbE1EHHnkYeyi+rRQdzHL81AOrSBAz7+gOBokhI+bb3vk/piyvlIxy1y4l9UsBLIshwo6cGEpjE5PtsAVjqivoY1ng9lhi43QGZTtgxg9kTOi/sFqPD/hW3SmLgrwJOsOPCANd1M+QvmhiJ1oKQIlUvyfFhpv6XiHPhPdi4FuXRaiCEIXjoY3DZG7aHIGQ+KyAz/tBfndU3yUDJZf7OewXo+MsEpH1uEWxQLpwCJgC4ND6+s0FmJCyrVpjI+MjkHNh6j6kvIp//2wvf1noJ6iVvarS8GQhtApW97rEIW6n09+yw+598HwMfyyK+pQ+k7qD6o7J/wUzeBq1Fioaxi1T00uYe/nxn4vCUcMZdA0xvhFyYnldzDgQ1TncMVH/YUsmRzDO6t777GAE7g3ZcHPVH4GLd3v6LkRZgNsxcw6rCQYWzLMjMNcKH6E5XAOLH8IGtPAJI/wtUnJAv2Xp5reLoAAxQ+whyApSpQFc/IlZEJldj6LWwe6bT066uEYYZiRDeQyt9X8Wg71Meb8MY1hGBrytZOjs3r+XyL9GRLuOHpGhut05CMxq+aUWyQjxzwsswXbsIQyu3XIyvqN/SwZjFK23OQ5J+wS5rcGIc2NzDzw3rgrW3Y/FrdyIDWf52nx8nkE9JpBg6ouP5MJaeswOm7HIGdakBOvNjM249Gi4Uzbsj+bOCAqFnsS3T6YSGhehGHPJ7dPJdCNNWECcYYXguilxoMdhyJnovp+HafTD3xzn1HVyMnpFvHKnyj0WCoPMnWm37X1EbFJAZmm3XmztpyyJkCAquuSSkdSQiaUiPBTXojNffGU8be/Xbzq6QxiBg1oK0npWGql8ZrvnnrxbmiKQMs2SsaesYgyx8SuxxJ0mIIN2HZslS1bC7ETz2EkvkSQ2VCvH51QolX2XC3R24C9v0kQ3MZo/vQktzNlaoca4FPjA7tqP9RAq2csGLcb5ml81lMRH+5PAEWq9hTMjj4JN48cIyix2kpWapH6oeVerGfXG2OCz+etZmTs+p7Azgvcrk8kOZ5U1tlh01E+IfEaS4Kkn1gbNFbVmcdRUzSLRNYK/qm/fuMvzezZV6gRGyIYHVm7hnkGXPYCAscIHJdltdxQn0m3LRZFiEnU+7FX4wC1ObwkVqt7Tk61ZGpdK5aC/X5nPgdV9ZmYegC6iewgwizxVdWbddzCklzWgQ0dnrsqPyUjCJPcMQ7HRSL193Thmb2uDCco9eqMApcDtItSRhkmzrnQVwmbdpMKSTT7/mw0evnojXby2w4bOBPCNJlt+6X1BPpeZ+q/VgzXav0pJ/66C19yAWMpxVEO7NR7wlzZ8As4lhhXn/T6jasCUhfES0ziwyNu6bemFVQn0GkbOUxGFjNOptGRjpFoZQ824lf3Vr2tCQ8irOtLyZhSRtzuxGrEFcHmrt1jMNgvLijhZ2QeCUx9T1bNjvc33Ie759RG5jyKbI5k9T/9KpfKG6KUgxMVhUphROgbwvlZF2/WQacR+IXBbRYKhXH1Ybe1R7ZHhruAKDQkUx1mS8pWuhWCBhKZb8AeaOQmnKyYm5oZQRiUzO64Q9cigt2d3gRXioNA9sUCAU=
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regsvc
Executes the following:
  • '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\PlusHD-V1.3\PlusHD-V1.3-bho.dll"
  • '<SYSTEM32>\msiexec.exe' /V
Terminates or attempts to terminate
the following user processes:
  • chrome.exe
  • opera.exe
  • iexplore.exe
  • firefox.exe
Modifies file system :
Creates the following files:
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\icon48.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\736d4e6e577992e6a2a155cb9ccbf7b5.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\58c25cfbcc37e73d7e2b52981648d694.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\popup.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\button5.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\button2.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\update.css
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\04d3d028ee36bc33763bed407163d274.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\939998328b7172396cffb3f1cf182342.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\2b4bbe9616ae64969b193849e4b1021c.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\59c7ba852af52b43b8c1cafbfc45ac61.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\fb51c5c7ad24c9e7c94e5b02b003fa42.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\46e07b518b3aa7b77f46bc1ddd3bc7ae.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\3f862517c121e8b21155dd5c3d8d6e68.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\ba415693d661507204262f4357d9c892.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\skin.css
  • %TEMP%\nsf6.tmp\extensionData\plugins.json
  • %TEMP%\nsf6.tmp\extensionData\manifest.xml
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
  • %TEMP%\nsf6.tmp\extensionData\plugins\1.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\119.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\104.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\102.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\button4.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\button1.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\button3.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\icon24.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\icon16.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\crossrider_statusbar.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\icon128.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\skin\panelarrow-up.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\721c404fdc162301ee613402611972d1.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\62f196f1c4908adb7e5ea9aae4ea5a46.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\f8e4a4d29f0e97c983b218dd467a16a4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\c5bd06adadd95b0310814896821f9d26.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\f477a0564eb997f724a74e941ec29014.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\716b014be43d260e3e2b644b49f56a8b.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\e14bf520da5fbd45ccb66c0fcab298c6.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\6e33779260f54c608494515bd8f1ba7b.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\783ce13ccbe645e9e9c7115b1e58aae4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\options.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\ca3ce681802712e77ef9bd34faa12633.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\ad2551860d1619010e8c2a3cd1bc4c08.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\browser.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\a4ca40558ebda575029950e382a19e6c.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\7988a2fc5f6d933e94821b0dfaf6c808.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\cf904aee13aa4b68709caadfc0190240.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\4efa3e3b3f4dadef5c97843472da1d56.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\d5736b059cf910372d33cde25c2cf0a8.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\fc8f4105f8b8411b4f5e3fa9ece093bc.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\ef8cd6a0a781486ea2aabeaa6b8fbc90.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\174f129f8d665a5ce9527bb9bff2c2b7.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\848484d70379e7d95f88d32444b71912.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\243cec2f3737c4216eee122193efd06c.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\api\9eccc37961072ce1bedc07415bfa4b37.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\b1b1214a8fe7bb60fc5ec6b4cb50f156.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\713e83b60c5c614fb063ccf1fcac5d18.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\acbf54f12d65037627699db8ab87082f.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\installer.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\50c8cfc4c917d91b36ea8894c026d11f.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\1083df9051674ac74723e954b72209d9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\9371a0a1ac24a129671791a8f7768d55.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\core\ca89f301e8ee8481c73b10d5de97b411.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\123.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\42.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\41.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\40.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\43.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\46.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\45.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\44.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\4.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\35.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\3.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\28.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\36.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\39.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\38.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\37.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\47.js
  • %PROGRAM_FILES%\PlusHD-V1.3\PlusHD-V1.3-bho.dll
  • %TEMP%\nsf6.tmp\extensionData\userCode\extension.js
  • %TEMP%\nsf6.tmp\extensionData\userCode\background.js
  • %PROGRAM_FILES%\PlusHD-V1.3\4dee1783-8e49-44d5-98e3-e9cb592f1f59-2.exe
  • %PROGRAM_FILES%\PlusHD-V1.3\PlusHD-V1.3-codedownloader.exe
  • %PROGRAM_FILES%\PlusHD-V1.3\PlusHD-V1.3-bg.exe
  • %PROGRAM_FILES%\PlusHD-V1.3\background.html
  • %TEMP%\nsf6.tmp\extensionData\plugins\94.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\72.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\7.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\64.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\78.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\93.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\91.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\9.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\273.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\184.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\183.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\182.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\191.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\207.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\2.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\195.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\180.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\155.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\14.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\13.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\17.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\179.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\178.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\177.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\21.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\260.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\257.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\246.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\262.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\269.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\265.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\263.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\244.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\221.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\220.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\22.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\223.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\242.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\232.js
  • %TEMP%\nsf6.tmp\extensionData\plugins\231.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\02df794fd1593a600a369b299f576ee7.js
  • %TEMP%\nsf6.tmp\ExecDos.dll
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA
  • %TEMP%\Cab9.tmp
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA
  • %PROGRAM_FILES%\PlusHD-V1.3\4dee1783-8e49-44d5-98e3-e9cb592f1f59-3.exe
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
  • %PROGRAM_FILES%\PlusHD-V1.3\58360.crx
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdate.dll
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %TEMP%\Cab7.tmp
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  • %TEMP%\CabB.tmp
  • %PROGRAM_FILES%\PlusHD-V1.3\4dee1783-8e49-44d5-98e3-e9cb592f1f59.crx
  • %PROGRAM_FILES%\PlusHD-V1.3\360-58360.crx
  • %PROGRAM_FILES%\PlusHD-V1.3\1293297481.mxaddon
  • %WINDIR%\Installer\382ae.msi
  • C:\Config.Msi\382b1.rbs
  • %WINDIR%\Installer\MSID.tmp
  • %PROGRAM_FILES%\PlusHD-V1.3\4dee1783-8e49-44d5-98e3-e9cb592f1f59-11.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psuser.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdateres_en.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psmachine.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
  • %PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe
  • %TEMP%\nsf6.tmp\InstallerUtils2.dll
  • %TEMP%\nsf6.tmp\InstallerUtils.dll
  • %TEMP%\nsf6.tmp\System.dll
  • %TEMP%\nsf6.tmp\nsisos.dll
  • %TEMP%\nsf6.tmp\inetc.dll
  • %TEMP%\nsf6.tmp\UserInfo.dll
  • %TEMP%\nsf6.tmp\md5dll.dll
  • %TEMP%\nsf6.tmp\StdUtils.dll
  • %TEMP%\nsj3.tmp\Xhwmnm.tmp
  • %TEMP%\nsj3.tmp\System.dll
  • %TEMP%\nsu2.tmp
  • %TEMP%\nsj3.tmp\WrapperUtils.dll
  • %TEMP%\nsf5.tmp
  • %TEMP%\nsj3.tmp\StdUtils.dll
  • %TEMP%\nsj3.tmp\Jkcceyevwa.exe
  • %TEMP%\nsf6.tmp\update.json
  • %TEMP%\comh.68476\goopdate.dll
  • %TEMP%\comh.68476\GoogleUpdateOnDemand.exe
  • %TEMP%\comh.68476\GoogleUpdateHelper.msi
  • %TEMP%\comh.68476\goopdateres_en.dll
  • %TEMP%\comh.68476\psuser.dll
  • %TEMP%\comh.68476\psmachine.dll
  • %TEMP%\comh.68476\npGoogleUpdate4.dll
  • %TEMP%\comh.68476\GoogleUpdateBroker.exe
  • %TEMP%\nsf6.tmp\400720
  • %PROGRAM_FILES%\PlusHD-V1.3\utils.exe
  • %TEMP%\nsf6.tmp\4972
  • %TEMP%\comh.68476\GoogleUpdate.exe
  • %TEMP%\comh.68476\GoogleCrashHandler.exe
  • %PROGRAM_FILES%\PlusHD-V1.3\Uninstall.exe
  • %PROGRAM_FILES%\PlusHD-V1.3\58360.xpi
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\178.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\64.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\220.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\223.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\184.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\72.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\191.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\262.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\263.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\177.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\14.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\260.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\246.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\22.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\265.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\102.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\bd718b61c969fab2dc88675dd1fc0c9f.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\options.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\userCode\background.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\dialog.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\search_dialog.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\ffCoreFilesIndex.txt
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome\content\background.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\userCode\extension.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\17.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\257.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\78.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\47.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\207.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\98.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\13.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\104.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\28.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\180.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\183.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\268.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\179.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\155.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\273.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\232.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\locale\en-US\translations.dtd
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\install.rdf
  • %PROGRAM_FILES%\PlusHD-V1.3\4dee1783-8e49-44d5-98e3-e9cb592f1f59-4.exe
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\defaults\preferences\prefs.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\manifest.xml
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins.json
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\chrome.manifest
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\123.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\119.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\7.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\231.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\1.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\182.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\195.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\21.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\93.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\221.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\244.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\16.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\242.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ba9147e3-ae8c-4ced-9c9a-240425bd7d8e@6ddffb66-c974-42d7-8752-9e6a4ec073b0.com\extensionData\plugins\91.js
Deletes the following files:
  • %WINDIR%\Installer\382ae.msi
  • C:\Config.Msi\382b1.rbs
  • %WINDIR%\Installer\382b0.ipi
  • %WINDIR%\Tasks\temp_4dee1783-8e49-44d5-98e3-e9cb592f1f59-2.job
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
  • %TEMP%\Cab7.tmp
  • %TEMP%\nsf6.tmp\4972
  • %TEMP%\Cab9.tmp
  • %WINDIR%\Installer\MSID.tmp
  • %TEMP%\CabB.tmp
Network activity:
Connects to:
  • 'ts####.ws.symantec.com':80
  • 'cr#.#hawte.com':80
  • 'localhost':1044
  • 'localhost':1050
  • 'localhost':1045
  • 'er####.datagenserv.com':80
  • 'up####.datagenserv.com':80
  • 'st###.#atagenserv.com':80
  • 'www.download.windowsupdate.com':80
  • 'lo##.##tagenserv.com':80
TCP:
HTTP GET requests:
  • up####.datagenserv.com/omaha/D6CC5DB5-49E6-4BE3-891B-D84DADA8FBEA/1/update.xml?ra########################################################################################################################################################################################
  • up####.datagenserv.com/omaha/430FD4D0-B729-4F61-AA34-91526481799D/1/ping.xml?ra########
  • ts####.ws.symantec.com/tss-ca-g2.crl
  • up####.datagenserv.com/omaha/D6CC5DB5-49E6-4BE3-891B-D84DADA8FBEA/1/update.xml?ra########
  • up####.datagenserv.com/omaha/D6CC5DB5-49E6-4BE3-891B-D84DADA8FBEA/1/ping.xml?ra#####
  • up####.datagenserv.com/omaha/D6CC5DB5-49E6-4BE3-891B-D84DADA8FBEA/1/ping.xml?ra########
  • lo##.##tagenserv.com/monetization.gif?ra######################################################################################################################################################################
  • st###.#atagenserv.com/installer.gif?ac####################################################################################################################################################################################################################################################################################################################################################################################################################################
  • er####.datagenserv.com/installer-error.gif?ac########################################################################################################################################################################################################################################################################################################################################################################################################
  • up####.datagenserv.com/installer_updates/001344/update.json
  • lo##.##tagenserv.com/monetization.gif?ev#############################################################################################################################################################################################################################################################################################################################################################################
  • cr#.#hawte.com/ThawteTimestampingCA.crl
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
UDP:
  • DNS ASK www.download.windowsupdate.com
  • DNS ASK cr#.#hawte.com
  • DNS ASK ts####.ws.symantec.com
  • DNS ASK lo##.##tagenserv.com
  • DNS ASK up####.datagenserv.com
  • DNS ASK er####.datagenserv.com
  • DNS ASK st###.#atagenserv.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Recommandations pour le traitement

  1. Si le système d'exploitation peut être démarré (en mode normal ou en mode sans échec), téléchargez Dr.Web Security Space et lancez un scan complet de votre ordinateur et de tous les supports amovibles que vous utilisez. En savoir plus sur Dr.Web Security Space.
  2. Si le démarrage du système d'exploitation est impossible, veuillez modifier les paramètres du BIOS de votre ordinateur pour démarrer votre ordinateur via CD/DVD ou clé USB. Téléchargez l'image du disque de secours de restauration du système Dr.Web® LiveDisk ou l'utilitaire pour enregistrer Dr.Web® LiveDisk sur une clé USB, puis préparez la clé USB appropriée. Démarrez l'ordinateur à l'aide de cette clé et lancez le scan complet et le traitement des menaces détectées.
Version démo gratuite

 

Télécharger Dr.Web

Par le numéro de série

Veuillez lancer le scan complet du système à l'aide de Dr.Web Antivirus pour Mac OS.

Version démo gratuite

 

Télécharger Dr.Web sur le site

Par le numéro de série

Télécharger Dr.Web sur l'Apple Store

Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

Version démo gratuite

 

Télécharger Dr.Web

Par le numéro de série

  1. Si votre appareil mobile fonctionne correctement, veuillez télécharger et installer sur votre appareil mobile Dr.Web pour Android. Lancez un scan complet et suivez les recommandations sur la neutralisation des menaces détectées.
  2. Si l'appareil mobile est bloqué par le Trojan de la famille Android.Locker (un message sur la violation grave de la loi ou la demande d'une rançon est affiché sur l'écran de l'appareil mobile), procédez comme suit:
    • démarrez votre Smartphone ou votre tablette en mode sans échec (si vous ne savez pas comment faire, consultez la documentation de l'appareil mobile ou contactez le fabricant) ;
    • puis téléchargez et installez sur votre appareil mobile Dr.Web pour Android et lancez un scan complet puis suivez les recommandations sur la neutralisation des menaces détectées ;
    • Débranchez votre appareil et rebranchez-le.

En savoir plus sur Dr.Web pour Android

Free trial

14 days

Download now
Get it on Google Play