Pour les utilisateurs

Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Contacter-nous !
Support 24/24 | Rules regarding submitting

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -

Nous téléphoner

0 825 300 230

Profil

Trojan.Crossrider.27415

Added to the Dr.Web virus database: 2014-08-02

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • %WINDIR%\Tasks\525ffbc1-07f5-4e56-ac45-baab68f08cb4-1.job
  • %WINDIR%\Tasks\525ffbc1-07f5-4e56-ac45-baab68f08cb4-4.job
  • %WINDIR%\Tasks\temp_525ffbc1-07f5-4e56-ac45-baab68f08cb4-2.job
  • %WINDIR%\Tasks\525ffbc1-07f5-4e56-ac45-baab68f08cb4-2.job
  • %WINDIR%\Tasks\525ffbc1-07f5-4e56-ac45-baab68f08cb4-11.job
  • %WINDIR%\Tasks\525ffbc1-07f5-4e56-ac45-baab68f08cb4-3.job
  • %WINDIR%\Tasks\globalUpdateUpdateTaskMachineUA.job
  • %WINDIR%\Tasks\globalUpdateUpdateTaskMachineCore.job
Creates the following services:
  • [<HKLM>\SYSTEM\ControlSet001\Services\globalUpdate] 'Start' = '00000002'
Malicious functions:
Creates and executes the following:
  • '%PROGRAM_FILES%\123HD-Plus\525ffbc1-07f5-4e56-ac45-baab68f08cb4-4.exe' /NDXmamZy /NFoKmSN='123HD-Plus' /HhfQZpzOE='%PROGRAM_FILES%\123HD-Plus\525ffbc1-07f5-4e56-ac45-baab68f08cb4.xpi' /cZWgWLj=54150 /FWTzRkO='001352' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=744CD06E69CF4B3382CE268B52F5E644IE /sxOizXYj=a7cf3f6d0126dd665efb04fdb43d36f5 /jQNrIMjGd=1_34_07_01 /nvaiZVhJJ=1.34.7.1 /ltvgMQKG=1412859906 /MDmRYqnu=http://st###.#nfodatacloud.com /HMaFdVRe=http://er####.#nfodatacloud.com /cBYoGZa=300 /LJiCXQwsD=cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com /yaKioWY=0.95 /uKHIybg=acc793666df0d406099cc2ea865d37f8bad98d28915a94d3e99f4b785f6ea5d23com54150 /NRLkD=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/54150.rdf /jPPaqS='123HD-Plus' /qLSnphL='Shows all videos in HD quality by default.' /ShmPrYsfN='Object Browser' /nJJXXTS=ie /fnpAfR='{"asw":[0, 0, 0]}' /iyedQc /kVXfRrPb /LwCPHed /wPfoWRnOq='http://up####.#nfodatacloud.com/ff_agent_updates/{CAMP_ID}/update.json' /aShcLjU /PvTUcKz='installer' /nSpQUGZsJ='%TEMP%\123HD-PlusInstaller_1412859906.log'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /svc
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InszNTZGNDU1Ny0zNTYyLTQzRjQtOUU2Mi0wM0RFRjhFNjhBRDJ9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezk4NTBEMUFFLUIzRkEtNDY4NS1CQTQ0LUY3RTVDOTRCMzlBOH0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezIyQkE4QkM0LUI4RjktNDZERS05MTkxLTdENDEwMjEwRDM1NX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMTA3Mjg5Njc2MCIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg==
  • '%PROGRAM_FILES%\123HD-Plus\123HD-Plus-codedownloader.exe' /aFhaDYRCJ /NFoKmSN='123HD-Plus' /cZWgWLj=54150 /FWTzRkO='001352' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=744CD06E69CF4B3382CE268B52F5E644IE /sxOizXYj=a7cf3f6d0126dd665efb04fdb43d36f5 /jQNrIMjGd=1_34_07_01 /nvaiZVhJJ=1.34.7.1 /ltvgMQKG=1412859906 /MDmRYqnu=http://st###.#nfodatacloud.com /HMaFdVRe=http://er####.#nfodatacloud.com /fdNBQc=http://js.####datacloud.com /nJJXXTS=ie /OGbrXet='123HD-Plus' /MyVTAGeC=http://js.####ntdemocloud.com /iyedQc /fnpAfR='{"asw":[0, 0, 0]}' /PvTUcKz=installer /nSpQUGZsJ='%TEMP%\123HD-PlusInstaller_1412859906.log' /yukBgf='file://%TEMP%\nsr3.tmp\extensionData'
  • '%PROGRAM_FILES%\123HD-Plus\525ffbc1-07f5-4e56-ac45-baab68f08cb4-2.exe' /xUkBwVUhw /NFoKmSN='123HD-Plus' /cZWgWLj=54150 /FWTzRkO='001352' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=744CD06E69CF4B3382CE268B52F5E644IE /sxOizXYj=a7cf3f6d0126dd665efb04fdb43d36f5 /jQNrIMjGd=1_34_07_01 /ltvgMQKG=1412859906 /MDmRYqnu=http://st###.#nfodatacloud.com /HMaFdVRe=http://er####.#nfodatacloud.com /BPRIoMlL=11111111-1111-1111-1111-110511411150 /nJJXXTS=ie /iyedQc /wPfoWRnOq='http://up####.#nfodatacloud.com/ie_enable_agent_updates/{CAMP_ID}/update.json' /PvTUcKz='installer' /nSpQUGZsJ='%TEMP%\123HD-PlusInstaller_1412859906.log'
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /handoff "appguid={22ba8bc4-b8f9-46de-9191-7d410210d355}&appname=2498ba25-dc16-4b85-bc43-9fc2ed80645e&needsadmin=True&lang=en" /installsource otherinstallcmd /sessionid "{356F4557-3562-43F4-9E62-03DEF8E68AD2}" /silent
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regsvc
  • '%TEMP%\comh.343858\GoogleUpdate.exe' /silent /install "appguid={22ba8bc4-b8f9-46de-9191-7d410210d355}&appname=2498ba25-dc16-4b85-bc43-9fc2ed80645e&needsadmin=True&lang=en"
  • '%PROGRAM_FILES%\123HD-Plus\525ffbc1-07f5-4e56-ac45-baab68f08cb4-11.exe' /tSwlxNC=BSipsQJtnRDz1VG+wI1IXEy62ttcLcpGZdqHwSgYrJbfv0shi3fOFg4ZJ0w0+2/rAmRY7GfvHeuUBci9KNI/qqOfdxM6Nu2zBLF7cU3xNYlt0EK+aQpc+Km1TBwoqxkm8r8Ej5wE7Z2BwxYzdryChnlUUGc+zT3VLYFj/Ko46V9PBh+mkIREZI3D2Drm2h24I5D94sj2aR+hLpVCCIGxUGZMiMDi8Lt6PyDeJBCnlCvUoCl5+vo9jQCqNXKyHr3LmP++WFCLy3F6T5N2hPMwh95fOULI/lV95H/xW9+EXEHbiPxVFhDoZmw21BrrVqCIWPRRF/pRQXOjJGQ2hDKNJp2IiIb6qHEyp5kWC0wCjlUKy9L0fWxXiX+dSOf9vtYcojSw5GUDu/Mn5CVpqqODZ3MOIyt6zn85L9Xg53C+U8TZ2/pIU5pQBzk4kDTbxu6PYz7LYIs8i+a1EwybBAIleesa47DdY6QQ2JgokGF2cQg805kEI8ZlSY17U24J8Qp2uJv/qQAMOs3/pGOlsZmpwcBJ9yUWNupJY6QsfM0n0/C5v8O0iMV9MpmsW85WLKAj5EQnHzrIDXle4iiBgBYZpq1ZkMadt+dcVqSe43tdS3INxqHEW+9e5yVtnG3zCEGRhmxiavShHuFsB4IS7oJL3XpkdcV2J3/mK4zs0tykyqydSkr5h9wINPAEwFm+mbNJwNA8ng/cJ6tl73zMlQdT7h8NMCAZaDIYCssaMd7WFHFbeI6uJBs/9hCyWpcAu6xMsV+w4Yg6zs7xbfQRYnPlAxnrwlIxyhw/zuZZ7onSDsypd0dOOyoAJ1K8og/wzGweVW+rSC9GFHgMAQwat+jiWW9hSH0ORTugpK7Fov9md6ny5Otuj6LiB+5fwQVOXLADVNHn1S5xeV8zHa0gFR5sMYT5nz8/9rXNYk13vo7tXjY6w0KhhX0QUTxW0vVT3+7J4G3jNQCx/siuQztqujaxlyh6L3589Q7nAUEurm8MM+XKtzuUQ5tJzW2vFoz7ZtEvXjSVp7nVgnNMJy8f57bUFCK0g4O9HCU4V5KEFR7Ec8aJkk4wpoIq4uyEmc95Nz2joVMoqIDzuS84nxO+o3qePgadhYu32UDRKW/4YW7aEWm3kkRb/6L4HNs90SxzMx3L4pJZ1LrqhswTrAL1kq7u4GvZQk5BJcni0yWqty119nbE3/qr5/DQ3j4ftMFubxfPorIWgEdYzciU7AHqW/iAL1459nCBfpVKLjHeFlpgsEOwMuiq/qwZOTvg0ogB9L52/011yEZzJM2XnQdVmt8pkWRf9b6VDg+N+ki6Kr+UmO654/zqNiM8h28KytQpSpxco/WrxhqdfizxWEg8tG3SMq6Oy3PzIGTAAEdZlqM0gaqflCVMDheJoKFH2xCXbRw6ko+Ew3ejPLeib77en/vxfZy2RLlDxj61kcCL5sYsHG8cO1A6oVGUyIV0yr3AQqScvj+M1SQDFzyrZilmUv+Ffo1ZnnA9WB0JWVA39+CBB+8ojUq74v8cdlJkVwfgL41TsI8WYrl02rJ6ZVKNaf+l58VT0WqItbc+y3cNHf29UQxliLfxO9hne0c6DG8G55Y5GnmgEflSlSxmNooFFeTPtf4TuMiNjD9tP5Awo0BTlOd9by0absLBj0GiZHxilHZI+cCPZu/gt3zVPsVufbdbZC2lvgj3kvxxk6rReTv7xdRjMgqvOiIf0TVY7LSLMeC/R8zbofa7XJ6DyfmY/PhGOQ4bDTHCAW/zMEWO9ZiEQKAdsxdTvwC2ZzSjNisCnE06CMBrrHu9efAG2mKDNbfSY6T7f9oAgX03i6lbw9M97a2A891yDz2qj4snTC9Q0kFewqfuRrpAGbTUZfCE8vPD1g==
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InszNTZGNDU1Ny0zNTYyLTQzRjQtOUU2Mi0wM0RFRjhFNjhBRDJ9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0ZCMEFFMDU1LUJBNzktNDg4Mi04MjY4LTRFMjBGQzc1QTQwN30iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yNS4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48L2FwcD48L3JlcXVlc3Q-
  • '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regserver
Executes the following:
  • '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\123HD-Plus\123HD-Plus-bho.dll"
  • '<SYSTEM32>\msiexec.exe' /V
Terminates or attempts to terminate
the following user processes:
  • opera.exe
  • firefox.exe
  • iexplore.exe
Modifies file system :
Creates the following files:
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\44b38bfdf39c8827b10cf4d3fd97f025.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\c542d2dd4cce9f036164b795a87ba557.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\091e168f0b2b70c444bdcecb691b3454.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\e7b5fb28a78a21a5b72240bda3a94cdf.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\74ae60aaa35848529179854432658d82.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\da7999630a153dd13ab7f92774e59a75.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\668b8b0408b3ed0bd9d8d097117d64d4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\ff91253389788e2f2753007d25350dce.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\731303107969ce43545cd106a8cca6f0.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\0442134b78e7bf22a9bb19585e963e08.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\33a2bd1d06470f97718df04c2ff0890a.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\ce4fc77370871e33e83483d2bf5ca953.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\b9effec359e718062e859ece4a859c28.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\button1.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\button3.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\icon24.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\icon128.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\panelarrow-up.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\icon16.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\skin.css
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\popup.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\icon48.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\5a5349a39c77bf67fce46d4e1b7c88b1.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\button5.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\button2.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\update.css
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\f460a77b471c3e3356767e4481b6ce98.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\23ca408b35e445b550aa8ddef96c866a.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\f2c785fadaf6b15927c9253806269305.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\7715021903361462c94fac02ca176fbf.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\5dd416962a49effd4d93e57b3fcaabb1.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\4785a6cf3b6034f58f33234b6851f63c.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\764f7d0dffe17b3c520b62427bb2c1ef.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\6eef0d6197df37b257ed3b931d111ab9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\browser.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\c3b8952a0717ca2aa46de58f9c9238d8.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\7fddb8d8c2518874c6a84e2d1e1fed10.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\df0f312bcdf6e2fc86684738e466e3e6.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\3799099ea66252262323d3ff81836566.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\83e7ff5e68eb4a6c543a8df4e2de5bcf.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\47c339e048e151c5a04a7f27beb6b0ec.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\c1045211c5cb56d1df705619c8683502.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\13f90c071a7f256c52362df112ba0871.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\api\d8dda357da053bd6c9773238788c85c9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\ef6fc36e0827f0874ad65efb6758800a.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\e6029bc506ea497a29b2dd3d2d0ac763.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\5653a8d09d15016b6f3aa978aa2740b7.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\8340997af2c2d594c9fff19df448a995.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\d4df94dd3b205b0bc14c7ceb58a15db2.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\installer.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\fd96f0f66216d2eb507dc21d0d54f1dc.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\core\ff522b1ef0dcbcf6514b93583faa52eb.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\44.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\43.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\42.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\47.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\46.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\45.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\41.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\38.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\37.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\36.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\40.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\4.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\39.js
  • %PROGRAM_FILES%\123HD-Plus\525ffbc1-07f5-4e56-ac45-baab68f08cb4-2.exe
  • %PROGRAM_FILES%\123HD-Plus\123HD-Plus-bho.dll
  • %TEMP%\nsr3.tmp\extensionData\userCode\extension.js
  • %PROGRAM_FILES%\123HD-Plus\123HD-Plus-codedownloader.exe
  • %PROGRAM_FILES%\123HD-Plus\123HD-Plus-bg.exe
  • %PROGRAM_FILES%\123HD-Plus\background.html
  • %TEMP%\nsr3.tmp\extensionData\userCode\background.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\78.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\72.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\64.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\94.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\93.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\91.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\17.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\14.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\13.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\183.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\182.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\177.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\104.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\button4.png
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\skin\crossrider_statusbar.png
  • %TEMP%\nsr3.tmp\extensionData\plugins\1.js
  • %TEMP%\nsr3.tmp\extensionData\plugins.json
  • %TEMP%\nsr3.tmp\extensionData\manifest.xml
  • %TEMP%\nsr3.tmp\extensionData\plugins\269.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\263.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\246.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\35.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\3.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\28.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\242.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\207.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\2.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\193.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\22.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\211.js
  • %TEMP%\nsr3.tmp\extensionData\plugins\21.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\options.js
  • %PROGRAM_FILES%\123HD-Plus\525ffbc1-07f5-4e56-ac45-baab68f08cb4-3.exe
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA
  • %TEMP%\Cab4.tmp
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdate.dll
  • %APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
  • %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  • %PROGRAM_FILES%\123HD-Plus\039670ca-ffcb-4349-b5e0-3b4a267fff66.crx
  • %PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psmachine.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psuser.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi
  • %PROGRAM_FILES%\123HD-Plus\02b0ec0a-5bc9-4dac-92b4-16bca711bf4b.crx
  • %PROGRAM_FILES%\123HD-Plus\1293297481.mxaddon
  • %TEMP%\Cab6.tmp
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdateres_en.dll
  • %PROGRAM_FILES%\123HD-Plus\525ffbc1-07f5-4e56-ac45-baab68f08cb4.crx
  • %TEMP%\Cab8.tmp
  • %TEMP%\nsr3.tmp\update.json
  • %TEMP%\nsr3.tmp\inetc.dll
  • %TEMP%\nsr3.tmp\UserInfo.dll
  • %TEMP%\nsr3.tmp\455760
  • %PROGRAM_FILES%\123HD-Plus\utils.exe
  • %TEMP%\nsr3.tmp\md5dll.dll
  • %TEMP%\nsr3.tmp\System.dll
  • %TEMP%\nsr3.tmp\StdUtils.dll
  • %TEMP%\nsq2.tmp
  • %TEMP%\nsr3.tmp\nsisos.dll
  • %TEMP%\nsr3.tmp\InstallerUtils2.dll
  • %TEMP%\nsr3.tmp\InstallerUtils.dll
  • %TEMP%\comh.343858\npGoogleUpdate4.dll
  • %TEMP%\comh.343858\goopdateres_en.dll
  • %TEMP%\comh.343858\goopdate.dll
  • %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe
  • %TEMP%\comh.343858\psuser.dll
  • %TEMP%\comh.343858\psmachine.dll
  • %TEMP%\comh.343858\GoogleUpdateOnDemand.exe
  • %TEMP%\comh.343858\GoogleCrashHandler.exe
  • %PROGRAM_FILES%\123HD-Plus\Uninstall.exe
  • %TEMP%\nsr3.tmp\174966
  • %TEMP%\comh.343858\GoogleUpdateHelper.msi
  • %TEMP%\comh.343858\GoogleUpdateBroker.exe
  • %TEMP%\comh.343858\GoogleUpdate.exe
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\78.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\193.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\72.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\13.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\47.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\17.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\64.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\177.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\14.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\104.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\246.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\22.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\263.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\ffCoreFilesIndex.txt
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\background.html
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\4cf904921086866fea6c5d922e8e6d37.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\ae14c83653fc0f9e075918d02526779c.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\search_dialog.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\1334fa3c33707f98dac400a411baf8c9.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\dialog.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\userCode\extension.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\207.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\98.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\110daad121da6929af008b352cd85389.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome\content\options.xul
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\userCode\background.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\locale\en-US\translations.dtd
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\install.rdf
  • %PROGRAM_FILES%\123HD-Plus\525ffbc1-07f5-4e56-ac45-baab68f08cb4-4.exe
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins.json
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\chrome.manifest
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\defaults\preferences\prefs.js
  • %TEMP%\MSI36070.LOG
  • %WINDIR%\Installer\3570a.msi
  • %TEMP%\nsr3.tmp\ExecDos.dll
  • %PROGRAM_FILES%\123HD-Plus\525ffbc1-07f5-4e56-ac45-baab68f08cb4-11.exe
  • C:\Config.Msi\3570d.rbs
  • %PROGRAM_FILES%\123HD-Plus\525ffbc1-07f5-4e56-ac45-baab68f08cb4.xpi
  • %WINDIR%\Installer\MSIA.tmp
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\4.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\242.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\91.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\182.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\1.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\21.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\16.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\28.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\183.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\manifest.xml
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\93.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\211.js
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\cc793666-df0d-4060-99cc-2ea865d37f8b@ad98d289-15a9-4d3e-99f4-b785f6ea5d23.com\extensionData\plugins\268.js
Deletes the following files:
  • %WINDIR%\Installer\3570a.msi
  • C:\Config.Msi\3570d.rbs
  • %WINDIR%\Installer\3570c.ipi
  • %WINDIR%\Tasks\temp_525ffbc1-07f5-4e56-ac45-baab68f08cb4-2.job
  • %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
  • %TEMP%\Cab4.tmp
  • %TEMP%\nsr3.tmp\174966
  • %TEMP%\Cab6.tmp
  • %WINDIR%\Installer\MSIA.tmp
  • %TEMP%\Cab8.tmp
Network activity:
Connects to:
  • 'ts####.ws.symantec.com':80
  • 'cr#.#hawte.com':80
  • 'localhost':1046
  • 'localhost':1052
  • 'localhost':1047
  • 'er####.#nfodatacloud.com':80
  • 'up####.#nfodatacloud.com':80
  • 'st###.#nfodatacloud.com':80
  • 'www.download.windowsupdate.com':80
  • 'lo##.##fodatacloud.com':80
TCP:
HTTP GET requests:
  • up####.#nfodatacloud.com/omaha/22BA8BC4-B8F9-46DE-9191-7D410210D355/1/update.xml?ra#######################################################################################################################################################################################
  • up####.#nfodatacloud.com/omaha/430FD4D0-B729-4F61-AA34-91526481799D/1/ping.xml?ra#######
  • ts####.ws.symantec.com/tss-ca-g2.crl
  • up####.#nfodatacloud.com/omaha/22BA8BC4-B8F9-46DE-9191-7D410210D355/1/update.xml?ra#######
  • up####.#nfodatacloud.com/omaha/22BA8BC4-B8F9-46DE-9191-7D410210D355/1/ping.xml?ra#####
  • up####.#nfodatacloud.com/omaha/22BA8BC4-B8F9-46DE-9191-7D410210D355/1/ping.xml?ra#######
  • lo##.##fodatacloud.com/monetization.gif?ra#####################################################################################################################################################################
  • st###.#nfodatacloud.com/installer.gif?ac####################################################################################################################################################################################################################################################################################################################################################################################################################################
  • er####.#nfodatacloud.com/installer-error.gif?ac########################################################################################################################################################################################################################################################################################################################################################################################################
  • up####.#nfodatacloud.com/installer_updates/001352/update.json
  • lo##.##fodatacloud.com/monetization.gif?ev######################################################################################################################################################################################################################################################################
  • cr#.#hawte.com/ThawteTimestampingCA.crl
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
UDP:
  • DNS ASK www.download.windowsupdate.com
  • DNS ASK cr#.#hawte.com
  • DNS ASK ts####.ws.symantec.com
  • DNS ASK lo##.##fodatacloud.com
  • DNS ASK up####.#nfodatacloud.com
  • DNS ASK er####.#nfodatacloud.com
  • DNS ASK st###.#nfodatacloud.com
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Recommandations pour le traitement

  1. Si le système d'exploitation peut être démarré (en mode normal ou en mode sans échec), téléchargez Dr.Web Security Space et lancez un scan complet de votre ordinateur et de tous les supports amovibles que vous utilisez. En savoir plus sur Dr.Web Security Space.
  2. Si le démarrage du système d'exploitation est impossible, veuillez modifier les paramètres du BIOS de votre ordinateur pour démarrer votre ordinateur via CD/DVD ou clé USB. Téléchargez l'image du disque de secours de restauration du système Dr.Web® LiveDisk ou l'utilitaire pour enregistrer Dr.Web® LiveDisk sur une clé USB, puis préparez la clé USB appropriée. Démarrez l'ordinateur à l'aide de cette clé et lancez le scan complet et le traitement des menaces détectées.

Veuillez lancer le scan complet du système à l'aide de Dr.Web Antivirus pour Mac OS.

Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

  1. Si votre appareil mobile fonctionne correctement, veuillez télécharger et installer sur votre appareil mobile Dr.Web pour Android. Lancez un scan complet et suivez les recommandations sur la neutralisation des menaces détectées.
  2. Si l'appareil mobile est bloqué par le Trojan de la famille Android.Locker (un message sur la violation grave de la loi ou la demande d'une rançon est affiché sur l'écran de l'appareil mobile), procédez comme suit:
    • démarrez votre Smartphone ou votre tablette en mode sans échec (si vous ne savez pas comment faire, consultez la documentation de l'appareil mobile ou contactez le fabricant) ;
    • puis téléchargez et installez sur votre appareil mobile Dr.Web pour Android et lancez un scan complet puis suivez les recommandations sur la neutralisation des menaces détectées ;
    • Débranchez votre appareil et rebranchez-le.

En savoir plus sur Dr.Web pour Android

Editeur russe des solutions antivirus Dr.Web
Expérience dans le développement depuis 1992
Les internautes dans plus de 200 pays utilisent Dr.Web
L'antivirus est fourni en tant que service depuis 2007
Support 24/24

Dr.Web © Doctor Web
2003 — 2022

Doctor Web est un éditeur russe de solutions de cybersécurité axées sur la détection de menaces et les technologies de prévention et de réponse aux cyberattaques.