Trojan.DownLoader22.9023

Added to the Dr.Web virus database: 2016-07-20

Description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\SOFTWARE\Classes\sim-packages\shell\open\command] '' = '%ProgramFiles(x86)%\SweetIM\Messenger\ContentPackagesActivationHandler.exe "%1"'
  • [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'SweetIM' = '%ProgramFiles(x86)%\SweetIM\Messenger\SweetIM.exe'
Sets the following service settings
  • [<HKLM>\System\CurrentControlSet\Services\IBUpdaterService] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\IBUpdaterService] 'ImagePath' = '<SYSTEM32>\dmwu.exe'
Creates the following services
  • 'IBUpdaterService' <SYSTEM32>\dmwu.exe
Changes the following executable system files
  • <SYSTEM32>\msvcp100.dll
  • <SYSTEM32>\msvcr100.dll
Modifies file system
Creates the following files
  • %ProgramFiles(x86)%\sweetim\messenger\mgsweetim.dll
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_current.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_dictionary.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_bing.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_google.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\orange\search_button_left.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_hover.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\orange\search_button_hover.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\orange\search_button_google.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\orange\search_button_dictionary.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\orange\search_button_current.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\orange\search_button_bing.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\orange\search_button.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\green\search_button_yahoo.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\green\search_button_web.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\green\search_button_video.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\green\search_button_photo.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\orange\search_button_web.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\orange\search_button_video.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\green\search_button_google.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\green\search_button_dictionary.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\green\search_button_current.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\green\search_button_bing.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\green\search_button.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_blank.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_yahoo.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_web.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_video.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_photo.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\blue\search_button_left.png
  • %ProgramFiles(x86)%\sweetim\toolbars\internet explorer\resources\green\search_button_left.png
  • %TEMP%\1600547464_1226464_824_6.tmp
Sets the 'hidden' attribute to the following files
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\dul1cuuw\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\0zv1ehxb\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\q3nm7z7w\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\8kclqby9\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\1.cat
  • %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
Deletes the following files
Moves the following files
  • from %TEMP%\1600547378_1140289_965_8.tmp to %TEMP%\vistacookiescollector.exe
  • from %TEMP%\1600547381_1143440_442_12.tmp to %TEMP%\genericuninstall.exe
  • from %TEMP%\1600547381_1143518_442_14.tmp to %TEMP%\uninstaller.exe
  • from %TEMP%\1600547381_1143518_442_16.tmp to %TEMP%\wssetup.exe
  • from %TEMP%\1600547382_1143658_191_18.tmp to %TEMP%\sweetimsetup.exe
  • from %TEMP%\1600547382_1143986_191_20.tmp to %TEMP%\sweetiesetup.exe
  • from %TEMP%\1600547382_1144251_191_22.tmp to %TEMP%\mgsqlite3.dll
  • from %TEMP%\1600547464_1226464_824_6.tmp to %ProgramFiles(x86)%\sweetim\installers\uninstff2.exe
Network activity
Connects to
  • 'ce#.##credimail.com':80
  • 's4.##rion.com':80
TCP
HTTP GET requests
  • http://cd#.####load.sweetim.com/download/sweetpacks/sim/mgsqlite3.7z
UDP
  • DNS ASK cd#.####load.sweetim.com
  • DNS ASK do#####d.sweetim.com
  • DNS ASK co####t.sweetim.com
  • DNS ASK ce#.##credimail.com
  • DNS ASK s4.##rion.com
  • DNS ASK sw##tim.com
Miscellaneous
Searches for the following windows
  • ClassName: '#32770' WindowName: 'SweetIM'
Creates and executes the following
  • '%TEMP%\vistacookiescollector.exe' http://sw#####.#####LOCALAPPDATA%Low\simcookies.dat
  • '%TEMP%\genericuninstall.exe' /appName="SweetIM Bundle by SweetPacks" /pub="SweetPacks LTD" /cmd="%ProgramFiles%\sweetpacks bundle uninstaller\uninstaller.exe" /linkurl="http://lp.##eetim.com/SweetPacksBundleUninstaller" /s...
  • '%TEMP%\wssetup.exe' /SILENT /GOOGLE 1 /BI /URL=SIM /SIMAPPID={D83E9F60-FAB6-11EA-A21E-DC2EC2A55B32} /CARGO=crg= /IE 0 /FF 0 /CH 0
  • '%WINDIR%\syswow64\wnlt\installationfiles\x64\thch.exe'
  • '%WINDIR%\syswow64\wnlt\installationfiles\x64\svcsetup.exe' /install /inf "%WINDIR%\SysWOW64\WNLT\InstallationFiles\x64\persgsvc.inf" /cat "%WINDIR%\SysWOW64\WNLT\InstallationFiles\x64\persgsvc.cat"
  • '<SYSTEM32>\dmwu.exe' /setup /LaunchedByInstaller /GoogleCompliant
  • '<SYSTEM32>\dmwu.exe'
  • '%TEMP%\sweetimsetup.exe' /s /w /v" /qn SIMHP=0 SIMSP=0 "
  • '%TEMP%\{a0c9df2b-89b5-4483-8983-18a68200f1b4}\vistacookiescollector.exe' http://sw#####.#####LOCALAPPDATA%Low\simcookies.dat
  • '%ProgramFiles(x86)%\sweetim\messenger\sweetim.exe' -AutoStartIM
  • '%TEMP%\sweetiesetup.exe' SIMINSTALLTBIE=1 SIMADDREGGCNT={Cargo=} SIMINSTALLTBFF=1 SIMINSTALLTBGC2=0 SIMINSTALLNTGC2=0 SIMADDNTGCARP=1 SIMADDTBGCARP=1 SIMTBIEMSI={$ /s /w /v" /qn SIMOB=0 SIMADDREGIE={UserSelectedHP=0,Us...
  • '%TEMP%\1600547410_1171848_234_2.tmp' /s /w /v" /qn SIMOB=0 SIMADDREGIE={UserSelectedHP=0,UserSelectedDS=0,Cargo=} "
  • '%WINDIR%\syswow64\arfc\wrtc.exe' getlastinputinfo
Executes the following
  • '%WINDIR%\syswow64\msiexec.exe' /i "%TEMP%\{289826EB-816B-46E8-BB87-8A5EA23D4EB3}\SweetIMSetup.msi" /qn SIMHP=0 SIMSP=0 SETUPEXEDIR="%LOCALAPPDATA%\Temp"
  • '%WINDIR%\syswow64\msiexec.exe' /i "%TEMP%\{BCC9DFF3-6126-4710-A164-0891D90A02B6}\SweetIESetup.msi" /qn SIMOB=0 SIMADDREGIE={UserSelectedHP=0,UserSelectedDS=0,Cargo=} SETUPEXEDIR="%LOCALAPPDATA%\Temp"

Curing recommendations

  1. If the operating system can boot (normally or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot boot, change your computer's BIOS settings so that it can boot from a CD or USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk, or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store.

On the running OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; for details, consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
