Technical Information
- '%TEMP%\nsi6.tmp\chinstall\chromeReset.exe' /crx="%TEMP%\nsi6.tmp\chinstall\ext.crx" /path="%TEMP%\nsi6.tmp\chinstall\extracted"
- '%TEMP%\Addon.exe' /S /verysilent
- '%TEMP%\FixShortcuts.exe'
- firefox.exe
- chrome.exe
- iexplore.exe
- %TEMP%\nsi6.tmp\ZipDLL.dll
- %TEMP%\nsi6.tmp\chinstall\ext.crx
- %TEMP%\nsi6.tmp\chinstall\extracted\main.js
- %TEMP%\nsi6.tmp\chinstall\extracted\bg.html
- %PROGRAM_FILES%\VonteeraAddon\onload.js
- %TEMP%\Addon.exe
- %TEMP%\nsx3.tmp\nsis7z.dll
- %PROGRAM_FILES%\VonteeraAddon\Vonteera.dll
- %TEMP%\nsd5.tmp
- %TEMP%\nsi6.tmp\chinstall\extracted\manifest.json
- %TEMP%\nsi6.tmp\chinstall\chromeReset.exe
- <LS_APPDATA>\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfhbklndhffnahdploecdffbedhgjnce_0.localstorage
- %TEMP%\nsi6.tmp\inetc.dll
- %TEMP%\nsi6.tmp\System.dll
- %TEMP%\nsi6.tmp\Dialogs.dll
- %TEMP%\nsi6.tmp\chinstall\extracted\Vonteera-16-16.png
- %TEMP%\nsi6.tmp\chinstall\extracted\Vonteera-128-128.png
- %TEMP%\nsi6.tmp\chinstall\extracted\_locales\en\messages.json
- %TEMP%\nsi6.tmp\chinstall\extracted\Vonteera-48-48.png
- %TEMP%\nsx3.tmp\inetc.dll
- C:\onewebsearch
- %TEMP%\stat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\new[1]
- C:\GeniusXXAddon
- %TEMP%\FriendsKeeper.dll
- %TEMP%\nss2.tmp
- <LS_APPDATA>\iexplorer
- %TEMP%\nsx3.tmp\System.dll
- %TEMP%\nsx3.tmp\NSISdl.dll
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\searchPlugins\Search The Web.xml
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.jstmp
- %TEMP%\AddOn.dat
- %TEMP%\FixShortcuts.exe
- %TEMP%\nsx3.tmp\searchInstaller.dll
- %TEMP%\nsx3.tmp\nsisXML.dll
- %TEMP%\alnaddy_config.dat
- %TEMP%\search.ini
- %TEMP%\nsx3.tmp\Processes.dll
- %TEMP%\FixShortcuts.exe
- %TEMP%\nsi6.tmp\chinstall\chromeReset.exe
- %TEMP%\nsx3.tmp\searchInstaller.dll
- %TEMP%\FriendsKeeper.dll
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.jstmp to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js
- 'www.go#####analytics.com':80
- 'www.ft###aby.com':80
- 'www.ye###menger.com':80
- www.go#####analytics.com/__utm.gif?ut##############################################################################################################################################################################
- www.ft###aby.com/DATA/getdata.php?wt######################
- www.ye###menger.com/t/von/new
- DNS ASK www.go#####analytics.com
- DNS ASK www.ft###aby.com
- DNS ASK www.ye###menger.com
- ClassName: '#32770' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Shell_TrayWnd'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'