ADW_ADWAPPER

Publish Date: 15 Januar 2015

Analyse von: Adrian Cofreros

Win32/Packed.ScrambleWrapper.D application(NOD32),HEUR:AdWare.NSIS.Adwapper.heur(Kaspersky)

Plattform:

Windows

Risikobewertung (gesamt):

Schadenspotenzial::

Verteilungspotenzial::

reportedInfection:

Trend Micro Lösungen:

Niedrig

Mittel

Hoch

Kritisch

Malware-Typ:
Adware
Zerstrerisch?:
Nein
Verschlsselt?:
In the wild::
Ja

Überblick

Technische Details

Dateigröße: 5,510,268 bytes

Dateityp: EXE

Speicherresiden: Ja

Erste Muster erhalten am: 14 Januar 2015

Installation

Schleust die folgenden Dateien ein:

%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\asyncDB.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\background.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\browserAction.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\contextMenu.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\dbManager.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\dom_bg.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\fileManager.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\firefox.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\firefoxNotifications.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\firefoxOmnibox.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\message.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\pageAction.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\request.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\tabs.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api\webRequest.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\background.html
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\baseObject.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\browser.xul
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\console.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\consts.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\delegate.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\extensionDataStore.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\folderIOWrapper.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\httpObserver.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\IDBWrapper.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\installer.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\logFile.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\prefs.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\progressListenerObserver.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\registry.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\reloadObserver.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\reports.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\requestObject.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\searchSettings.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\uninstallObserver.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\updateManager.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\utils.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core\xhr.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\dialog.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\main.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\options.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\options.xul
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\search_dialog.xul
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome.manifest
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\defaults\preferences\prefs.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\manifest.xml
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\101_cortica_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\102_dealply_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\103_intext_5_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\104_jollywallet_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\105_corticas_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\107_coupish_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\108_icm_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\116_ads_only_5_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\119_similar_web_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\120_luck_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\123_intext_adv_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\125_arcadi2_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\126_revizer_ws_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\127_revizer_p_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\128_superfish_pricora_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\129_widdit_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\135_arcadi3_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\138_getdeal_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\13_CrossriderAppUtils.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\141_corticas_ru_m.js.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\142_intext_fa_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\14_CrossriderUtils.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\155_ibario_pops_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\159_cortica_rollover_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\16_FFAppAPIWrapper.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\17_jQuery.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\1_base.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\21_debug.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\22_resources.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\28_initializer.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\47_resources_background.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\4_jquery_1_7_1.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\64_appApiMessage.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\72_appApiValidation.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\78_CrossriderInfo.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\87_ginyas_wrapper.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\91_monetizationLoader.js.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\92_superfish_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\93_superfish_no_coupons_m.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins\98_omniCommands.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins.json
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\userCode\background.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\userCode\extension.js
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\install.rdf
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\locale\en-US\translations.dtd
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\button1.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\button2.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\button3.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\button4.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\button5.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\crossrider_statusbar.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\icon128.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\icon16.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\icon24.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\icon48.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\panelarrow-up.png
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\popup.html
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\skin.css
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin\update.css
%Windows%\Installer\{random}.msi
%Program Files%\a2zLyrics-1\41554.crx
%Program Files%\a2zLyrics-1\41554.xpi
%Program Files%\a2zLyrics-1\a2zLyrics-1-bg.exe
%Program Files%\a2zLyrics-1\a2zLyrics-1-bho.dll
%Program Files%\a2zLyrics-1\a2zLyrics-1-buttonutil.dll
%Program Files%\a2zLyrics-1\a2zLyrics-1-buttonutil.exe
%Program Files%\a2zLyrics-1\a2zLyrics-1-chromeinstaller.exe
%Program Files%\a2zLyrics-1\a2zLyrics-1-codedownloader.exe
%Program Files%\a2zLyrics-1\a2zLyrics-1-enabler.exe
%Program Files%\a2zLyrics-1\a2zLyrics-1-firefoxinstaller.exe
%Program Files%\a2zLyrics-1\a2zLyrics-1-helper.exe
%Program Files%\a2zLyrics-1\a2zLyrics-1-updater.exe
%Program Files%\a2zLyrics-1\a2zLyrics-1.ico
%Program Files%\a2zLyrics-1\background.html
%Program Files%\a2zLyrics-1\Installer.log
%Program Files%\a2zLyrics-1\Uninstall.exe
%Program Files%\a2zLyrics-1\utils.exe
%Windows%\Tasks\a2zLyrics-1-chromeinstaller.job
%Windows%\Tasks\a2zLyrics-1-codedownloader.job
%Windows%\Tasks\a2zLyrics-1-enabler.job
%Windows%\Tasks\a2zLyrics-1-firefoxinstaller.job
%Windows%\Tasks\a2zLyrics-1-updater.job

Erstellt die folgenden Ordner:

%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\api
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\chrome\content\core
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\defaults
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\defaults\preferences
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\plugins
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\extensionData\userCode
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\locale
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\locale\en-US
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com\skin
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\extensionData
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\extensionData\plugins
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\extensionData\userCode
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\icons
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\icons\actions
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\js
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\js\api
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\js\lib
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\1.24.16_0\js\lib\popupResource

Andere Systemänderungen

Fügt die folgenden Registrierungsschlüssel hinzu:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550455155554}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660466156654}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440444154454}

HKEY_CURRENT_USER\Software\a2zLyrics-1

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Plugins

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Plugins\{Key value}

HKEY_CURRENT_USER\Software\Crossrider

HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\
Lyrics

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Chrome

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
IE

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Installer

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
Ext\PreApproved\{11111111-1111-1111-1111-110411151154}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.BHO

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.Sandbox

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110411151154}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220422152254}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440444154454}\1.0\
0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{11111111-1111-1111-1111-110411151154}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
a2zLyrics-1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{164e9b12-3a5a-420c-bfbf-b819b1ff89cb}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{6507d1ab-8a66-461d-8c53-e86fbb685be6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{77767cbc-e832-42df-9262-522bf7139601}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{ad2f012a-8fde-4848-9634-08732d9b1066}

Fügt die folgenden Registrierungseinträge hinzu:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.Sandbox\CurVer
(Default) = "CrossriderApp0041554.Sandbox"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.Sandbox.1
(Default) = "CrossriderApp0041554.Sandbox"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.Sandbox.1\CLSID
(Default) = "{22222222-2222-2222-2222-220422152254}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110411151154}
(Default) = "a2zLyrics-1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110411151154}\Implemented Categories
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110411151154}\Implemented Categories\
{59fb2056-d625-48d0-a944-1a85b5ab2640}
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110411151154}\InprocServer32
(Default) = "%Program Files%\a2zLyrics-1\a2zLyrics-1-bho.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110411151154}\ProgID
(Default) = "CrossriderApp0041554.BHO.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110411151154}\TypeLib
(Default) = "{44444444-4444-4444-4444-440444154454}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110411151154}\VersionIndependentProgID
(Default) = "CrossriderApp0041554"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220422152254}
(Default) = "CrossriderApp0041554.Sandbox"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220422152254}\InprocServer32
(Default) = "%Program Files%\a2zLyrics-1\a2zLyrics-1-bho.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220422152254}\InprocServer32
ThreadingModel = "Apartment"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220422152254}\ProgID
(Default) = "CrossriderApp0041554.Sandbox.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220422152254}\TypeLib
(Default) = "{44444444-4444-4444-4444-440444154454}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220422152254}\VersionIndependentProgID
(Default) = "CrossriderApp0041554.Sandbox"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\
SourceList\Net
3 = "{hex values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550455155554}
(Default) = "ICrossriderBHO"

HKEY_CURRENT_USER\Software\a2zLyrics-1
ActiveAppId = "41554"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Code
AppJavaScript = ""

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Code
BgJavaScript = ""

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Code
NewTabJavaScript = ""

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Installer
Time = "{value}"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Installer
StatsDomain = "http://stats.ourstatssrv.com"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Installer
{entries} = "{value}"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Log
a2zlyrics-1-helper = "{dword:00000000}"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Log
a2zlyrics-1-bho = "{dword:00000000}"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Manifest
{entries} = "{value}"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Plugins
{entries} = "{values}"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Plugins\1
Version = "{dword:0000000b}"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Plugins\1
Name = "base"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Plugins\1
JavaScript = "{value}"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Plugins\{key value}
{Entries} = "{values}"

HKEY_CURRENT_USER\Software\a2zLyrics-1\
Update
LastCheck = "dword:54b465b5"

HKEY_CURRENT_USER\Software\Crossrider
Bic = "C133204615494EC3B9F035B3C412F409IE"

HKEY_CURRENT_USER\Software\Crossrider
Verifier = "aa8c376496c39d77da9694fc51d1f2be"

HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\
Lyrics
41554 = "a2zLyrics-1"

HKEY_CURRENT_USER\Software\InstalledThirdPartyPrograms
PID23861 = "installed"

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\ApprovedExtensionsMigration
{11111111-1111-1111-1111-110411151154} = ""

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Ext\CLSID
{11111111-1111-1111-1111-110411151154} = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Chrome
TotalProfiles = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Chrome\Profiles
%AppDataLocal%\Google\Chrome\User Data\Default = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Firefox
TotalProfiles = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Firefox\Profiles
%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
IE
TotalProfiles = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
IE\Profiles
S-1-5-21-484763869-789336058-682003330-1003 = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Installer
BundledChrome = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Installer
BundledFirefox = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Installer
BundledIe = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\InstalledThirdPartyPrograms
PID23861 = "installed"

HKEY_LOCAL_MACHINE\SOFTWARE\InstalledThirdPartyPrograms
EID41554 = "installed"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.BHO
(Default) = "CrossriderApp0041554"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.BHO\CLSID
(Default) = "{11111111-1111-1111-1111-110411151154}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.BHO\CurVer
(Default) = "CrossriderApp0041554"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.BHO.1
(Default) = "CrossriderApp0041554"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.BHO.1\CLSID
(Default) = "{11111111-1111-1111-1111-110411151154}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.Sandbox
(Default) = "CrossriderApp0041554.Sandbox"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0041554.Sandbox\CLSID
(Default) = "{22222222-2222-2222-2222-220422152254}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550455155554}\ProxyStubClsid
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550455155554}\ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550455155554}\TypeLib
(Default) = "{44444444-4444-4444-4444-440444154454}"

HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1\
Chrome\Profiles
%AppDataLocal%\Google\Chrome\User Data\Default = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550455155554}\TypeLib
"1" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660466156654}
(Default) = "ISandBox"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660466156654}\ProxyStubClsid
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660466156654}\ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660466156654}\TypeLib
(Default) = "{44444444-4444-4444-4444-440444154454}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660466156654}\TypeLib
Version = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440444154454}\1.0
(Default) = "CrossriderApp0041554 Type Library"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440444154454}\1.0\
0\win32
(Default) = "%Program Files%\a2zLyrics-1\a2zLyrics-1-bho.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440444154454}\1.0\
FLAGS
(Default) = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440444154454}\1.0\
HELPDIR
(Default) = "%Program Files%\a2zLyrics-1"

LastCodeRedCheck
"hex(b):ee,35,65,11,e2,0b,00,00," = "hex(b):ee,35,65,11,e2,0b,00,00,"

LastChecked
LastChecked = "dword:54b4664f"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{ad2f012a-8fde-4848-9634-08732d9b1066}
AppName = "a2zLyrics-1-buttonutil.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{ad2f012a-8fde-4848-9634-08732d9b1066}
AppPath = "%Program Files%\a2zLyrics-1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{ad2f012a-8fde-4848-9634-08732d9b1066}
Policy = "dword:00000003"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
a2zLyrics-1-bg.exe = "dword:00001f40"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{11111111-1111-1111-1111-110411151154}
"CrossriderApp0041554" = "CrossriderApp0041554"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{11111111-1111-1111-1111-110411151154}
NoExplorer = "dword:00000001"

DisplayName
DisplayName = "a2zLyrics-1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
a2zLyrics-1
DisplayIcon = "%Program Files%\a2zLyrics-1\utils.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
a2zLyrics-1
DisplayVersion = "1.28.153.3"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
a2zLyrics-1
Publisher = "Lyrics"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
a2zLyrics-1
CrPublisherId = "23861"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
a2zLyrics-1
CrAppId = "41554"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
a2zLyrics-1
UninstallString = "%Program Files%\a2zLyrics-1\Uninstall.exe /fromcontrolpanel=1"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Enum\Root\LEGACY_MSISERVER\
0000\Control
ActiveService = "MSIServer"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{164e9b12-3a5a-420c-bfbf-b819b1ff89cb}
AppName = "a2zLyrics-1-bg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{164e9b12-3a5a-420c-bfbf-b819b1ff89cb}
AppPath = "%Program Files%\a2zLyrics-1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{164e9b12-3a5a-420c-bfbf-b819b1ff89cb}
Policy = "dword:00000001"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{6507d1ab-8a66-461d-8c53-e86fbb685be6}
AppName = "a2zLyrics-1-helper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{6507d1ab-8a66-461d-8c53-e86fbb685be6}
AppPath = "%Program Files%\a2zLyrics-1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{6507d1ab-8a66-461d-8c53-e86fbb685be6}
Policy = "dword:00000003"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{77767cbc-e832-42df-9262-522bf7139601}
AppName = "a2zLyrics-1-codedownloader.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{77767cbc-e832-42df-9262-522bf7139601}
AppPath = "%Program Files%\a2zLyrics-1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{77767cbc-e832-42df-9262-522bf7139601}
Policy = "dword:00000003"

Lösungen

Mindestversion der Scan Engine: 9.700

Step 1

Für Windows ME und XP Benutzer: Stellen Sie vor einer Suche sicher, dass die Systemwiederherstellung deaktiviert ist, damit der gesamte Computer durchsucht werden kann.

Step 3

Führen Sie den Neustart im normalen Modus durch, und durchsuchen Sie Ihren Computer mit Ihrem Trend Micro Produkt nach Dateien, die als ADW_ADWAPPER entdeckt werden. Falls die entdeckten Dateien bereits von Ihrem Trend Micro Produkt gesäubert, gelöscht oder in Quarantäne verschoben wurden, sind keine weiteren Schritte erforderlich. Dateien in Quarantäne können einfach gelöscht werden. Auf dieser Knowledge-Base-Seite finden Sie weitere Informationen.

Step 4

Diesen Registrierungsschlüssel löschen

[ learnMore ]

Wichtig: Eine nicht ordnungsgemäße Bearbeitung der Windows Registrierung kann zu einer dauerhaften Fehlfunktion des Systems führen. Führen Sie diesen Schritt nur durch, wenn Sie mit der Vorgehensweise vertraut sind oder wenn Sie Ihren Systemadministrator um Unterstützung bitten können. Lesen Sie ansonsten zuerst diesen Microsoft Artikel, bevor Sie die Registrierung Ihres Computers ändern.

In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {55555555-5555-5555-5555-550455155554}
In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {66666666-6666-6666-6666-660466156654}
In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {44444444-4444-4444-4444-440444154454}
In HKEY_CURRENT_USER\Software
- a2zLyrics-1
In HKEY_CURRENT_USER\Software\a2zLyrics-1\Plugins
- {Key value}
In HKEY_CURRENT_USER\Software
- Crossrider
In HKEY_CURRENT_USER\Software\InstalledBrowserExtensions
- Lyrics
In HKEY_LOCAL_MACHINE\SOFTWARE
- a2zLyrics-1
In HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1
- Chrome
In HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1
- Firefox
In HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1
- IE
In HKEY_LOCAL_MACHINE\SOFTWARE\a2zLyrics-1
- Installer
In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved
- {11111111-1111-1111-1111-110411151154}
In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- CrossriderApp0041554.BHO
In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- CrossriderApp0041554.BHO
In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- CrossriderApp0041554.Sandbox
In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {11111111-1111-1111-1111-110411151154}
In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {22222222-2222-2222-2222-220422152254}
In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {44444444-4444-4444-4444-440444154454}
In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
- {11111111-1111-1111-1111-110411151154}
In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- a2zLyrics-1
In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
- {164e9b12-3a5a-420c-bfbf-b819b1ff89cb}
In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
- {6507d1ab-8a66-461d-8c53-e86fbb685be6}
In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
- {77767cbc-e832-42df-9262-522bf7139601}
In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
- {ad2f012a-8fde-4848-9634-08732d9b1066}

Registrierungsschlüssel löschen, die diese Malware/Grayware/Spyware erstellt hat:

Öffnen Sie den Registrierungs-Editor. Klicken Sie dazu auf Start>Ausführen, geben Sie regedit in das Textfeld ein, und drücken Sie die Eingabetaste.
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_LOCAL_MACHINE>SOFTWARE>Classes>Interface
Suchen und löschen Sie den Schlüssel:
{55555555-5555-5555-5555-550455155554}
Suchen und löschen Sie den Schlüssel:
{66666666-6666-6666-6666-660466156654}
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_LOCAL_MACHINE>SOFTWARE>Classes>TypeLib
Suchen und löschen Sie den Schlüssel:
{44444444-4444-4444-4444-440444154454}
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_CURRENT_USER>Software
Suchen und löschen Sie den Schlüssel:
a2zLyrics-1
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_CURRENT_USER>Software>a2zLyrics-1>Plugins
Suchen und löschen Sie den Schlüssel:
{Key value}
Suchen und löschen Sie den Schlüssel:
Crossrider
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_CURRENT_USER>Software>InstalledBrowserExtensions
Suchen und löschen Sie den Schlüssel:
Lyrics
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_LOCAL_MACHINE>SOFTWARE
Suchen und löschen Sie den Schlüssel:
a2zLyrics-1
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_LOCAL_MACHINE>SOFTWARE>a2zLyrics-1
Suchen und löschen Sie den Schlüssel:
Chrome
Suchen und löschen Sie den Schlüssel:
Firefox
Suchen und löschen Sie den Schlüssel:
IE
Suchen und löschen Sie den Schlüssel:
Installer
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_LOCAL_MACHINE>SOFTWARE>Wow6432Node>Microsoft>Windows>CurrentVersion>Ext>PreApproved
Suchen und löschen Sie den Schlüssel:
{11111111-1111-1111-1111-110411151154}
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_LOCAL_MACHINE>SOFTWARE>Classes
Suchen und löschen Sie den Schlüssel:
CrossriderApp0041554.BHO
Suchen und löschen Sie den Schlüssel:
CrossriderApp0041554.BHO
Suchen und löschen Sie den Schlüssel:
CrossriderApp0041554.Sandbox
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_LOCAL_MACHINE>SOFTWARE>Classes>CLSID
Suchen und löschen Sie den Schlüssel:
{11111111-1111-1111-1111-110411151154}
Suchen und löschen Sie den Schlüssel:
{22222222-2222-2222-2222-220422152254}
Suchen und löschen Sie den Schlüssel:
{44444444-4444-4444-4444-440444154454}
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Browser Helper Objects
Suchen und löschen Sie den Schlüssel:
{11111111-1111-1111-1111-110411151154}
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Uninstall
Suchen und löschen Sie den Schlüssel:
a2zLyrics-1
Doppelklicken Sie im linken Fensterbereich des Registrierungs-Editors auf:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Internet Explorer>Low Rights>ElevationPolicy
Suchen und löschen Sie den Schlüssel:
{164e9b12-3a5a-420c-bfbf-b819b1ff89cb}
Suchen und löschen Sie den Schlüssel:
{6507d1ab-8a66-461d-8c53-e86fbb685be6}
Suchen und löschen Sie den Schlüssel:
{77767cbc-e832-42df-9262-522bf7139601}
Suchen und löschen Sie den Schlüssel:
{ad2f012a-8fde-4848-9634-08732d9b1066}
Schließen Sie den Registrierungs-Editor.

Step 5

Diese Ordner suchen und löschen

[ learnMore ]

Aktivieren Sie unbedingt das Kontrollkästchen Versteckte Elemente durchsuchen unter Weitere erweiterte Optionen, um alle verborgenen Ordner in den Suchergebnissen zu berücksichtigen.

%Application Data%\Mozilla\Firefox\Profiles\03chnxd8.default\extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com
%AppDataLocal%\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn

Step 6

Diese Datei suchen und löschen

[ learnMore ]

Möglicherweise sind einige Komponentendateien verborgen. Aktivieren Sie unbedingt das Kontrollkästchen Versteckte Elemente durchsuchen unter Weitere erweiterte Optionen, um alle verborgenen Dateien und Ordner in den Suchergebnissen zu berücksichtigen.

%Windows%\Installer\{random}.msi
%Windows%\Tasks\a2zLyrics-1-chromeinstaller.job
%Windows%\Tasks\a2zLyrics-1-codedownloader.job
%Windows%\Tasks\a2zLyrics-1-enabler.job
%Windows%\Tasks\a2zLyrics-1-firefoxinstaller.job
%Windows%\Tasks\a2zLyrics-1-updater.job

Step 7

Im abgesicherten Modus neu starten

[ learnMore ]

Nehmen Sie an unserer Umfrage teil

ADW_ADWAPPER

Überblick

Technische Details

Lösungen

Ressourcen

Support

Über Trend

Hauptniederlassung DACH

ADW_ADWAPPER

Überblick

Technische Details

Lösungen

Ressourcen

Support

Über Trend

Hauptniederlassung DACH

Nord-, Mittel- und Südamerika

Naher Osten und Afrika

Europa

Asien-Pazifik