Техническая информация
Для обеспечения автозапуска и распространения
Модифицирует следующие ключи реестра
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'kxesc' = '"%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxetray.exe" -autorun'
Устанавливает следующие настройки сервисов
- [HKLM\System\CurrentControlSet\Services\kxescore] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\kxescore] 'ImagePath' = '"%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore'
- [HKLM\System\CurrentControlSet\Services\KDHacker] 'Start' = '00000001'
- [HKLM\System\CurrentControlSet\Services\KDHacker] 'ImagePath' = '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys'
- [HKLM\System\CurrentControlSet\Services\kisknl] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\kisknl] 'ImagePath' = '<DRIVERS>\kisknl.sys'
- [HKLM\System\CurrentControlSet\Services\kisnetm] 'Start' = '00000001'
- [HKLM\System\CurrentControlSet\Services\kisnetm] 'ImagePath' = '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64.sys'
Создает следующие сервисы
- 'kxescore' "%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore
- 'KDHacker' %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys
- 'kisknl' <DRIVERS>\kisknl.sys
- 'kisnetm' %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64.sys
Вредоносные функции
Запускает на исполнение
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ProgramFiles(x86)%\PPLive\PPTV\PPLive.exe" PPLive Enable
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ProgramFiles(x86)%\PPLive\PPTV\3.3.1.0038\PPLiveU.exe" PPLiveU Enable
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ProgramFiles(x86)%\PPLive\PPTV\3.3.1.0038\RepairSetup.exe" RepairSetup Enable
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ProgramFiles(x86)%\PPLive\PPTV\3.3.1.0038\CrashReporter.exe" CrashReporter Enable
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<SYSTEM32>\PPTVLauncher.exe" PPTVLauncher Enable
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%CommonProgramFiles(x86)%\PPLiveNetwork\PPAP.exe" PPLive Enable
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ProgramFiles(x86)%\Internet Explorer\PPLite\plugin\1.0.1.3117\PluginInstaller.exe" PluginInstaller Enable
Регистрирует фильтр файловой системы
- [HKLM\System\CurrentControlSet\Services\kisknl] 'Group' = 'FSFilter Anti-Virus'
Изменения в файловой системе
Создает следующие файлы
- C:\pptv(pplive)_jinshan_9025.exe
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\ppopt.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\restore.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\repairsetup.exe
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\hwcheck.exe
- C:\users\public\desktop\新毒霸.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\金山毒霸\新毒霸.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\金山毒霸\在线升级.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\金山毒霸\卸载新毒霸.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\金山毒霸\病毒隔离系统.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\金山毒霸\日志查看器.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\金山毒霸\访问金山公司网站\新毒霸官方微博.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\金山毒霸\访问金山公司网站\新毒霸官方社区.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\金山毒霸\访问金山公司网站\新毒霸网站.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\金山毒霸\访问金山公司网站\金山公司主页.lnk
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\desktop.ini
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\gcswf32.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kislive.log
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\pprepair.dll
- %ALLUSERSPROFILE%\kingsoft\kis\installtimecfg.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\ppvoddownload.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\extendimg\5.png
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksnetm\kisnetmxp.sys
- <DRIVERS>\kisnetmxp.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksapi.sys
- <DRIVERS>\ksapi.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksapi64.sys
- <DRIVERS>\ksapi64.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksskrpr.sys
- <DRIVERS>\ksskrpr.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kusbquery.sys
- <DRIVERS>\kusbquery.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kusbquery64.sys
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\admodule.dll
- <DRIVERS>\kusbquery64.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\extendimg\1.jpg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\extendimg\2.jpg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\extendimg\3.jpg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\extendimg\4.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\ckdll.dll
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwctrl2.che
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\log\defmsg.log
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kws_init.log
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\main.pptvres
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\fdsdcache.db
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\rule.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\startup.pptvres
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\etadpu.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksde\deconfig.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\expand_rule.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\erotser.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\what's new.txt
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\pptvlicense.txt
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\components\chctrl.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\components\filepick.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\components\iebrowser.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\components\ieproxy.dll
- %ALLUSERSPROFILE%\kingsoft\kis\kich\514-cef36ffe-6529e065-72.ich
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\log\ksdecs_trace.log
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\log\kmctrl_trace.log
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\fdsdcache.db-journal
- <DRIVERS>\kisnetm64.sys
- %WINDIR%\temp\uddf4ba.tmp
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\log\ksdectrl_trace.log
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\avcodec-53.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksbwdet2.dll.log
- %ALLUSERSPROFILE%\kingsoft\kis\hg.dat
- %ALLUSERSPROFILE%\kingsoft\ksbw\kns2.che
- %ALLUSERSPROFILE%\kingsoft\kis\kws\urlcache.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\webui\icon\fdlocal.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\webui\icon\fdlocal.bak
- %ALLUSERSPROFILE%\kingsoft\kis\kws\dfcache.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\avformat-53.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\webui\icon\btbg.gif
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\avutil-51.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\noisrev.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\module.txt
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kdehuser.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kfcdetect.dll.log
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcuploadsp.dat-journal
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcuploadsp.dat
- %TEMP%\kantivirus\kresult.log
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\log\kxescore.exe.log
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwansvc.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\msvcp100.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kswbc.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\msvcr100.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\atl100.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kswebshield.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\ppcef.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kswscxex.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksysopteng.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ktoastpop.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ktoolupd.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ktrashmon.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ktrashscan.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kupdatesp.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kusbcore.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kusbscan.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\omng.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kvip.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kstools.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kvipcore.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksscore.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\ppliverepair.exe
- %CommonProgramFiles(x86)%\pplivenetwork\msvcp100.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksdectrl.dll
- %CommonProgramFiles(x86)%\pplivenetwork\msvcr100.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kseescan.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksesscan.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kseutil.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksextfix.dll
- %CommonProgramFiles(x86)%\pplivenetwork\atl100.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kshmpg.dll
- %CommonProgramFiles(x86)%\pplivenetwork\version.dat
- %CommonProgramFiles(x86)%\pplivenetwork\product.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kshmpgext.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksinst.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kskinmgr.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksolescanner.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kspcore.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kspupwnd.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksreng3.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\ui.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwssp.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\scom.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\sqlite.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\wfs.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\bc.sys
- <DRIVERS>\bc.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kavbootc.sys
- <DRIVERS>\kavbootc.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kavbootc64.sys
- <DRIVERS>\kavbootc64.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys
- <DRIVERS>\kdhacker.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys
- <DRIVERS>\kdhacker64.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksde\kisknl.sys
- <DRIVERS>\kisknl.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksde\kisknl64.sys
- <DRIVERS>\kisknl64.sys
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\uilib.dll
- <DRIVERS>\kisnetm.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\npkws.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\netbuyprot.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\productupdate.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwsui.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\crashreporter.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwsui64.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxebase.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxebscsp.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxecore\kxecore.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxecore\kxelog.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxereg.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kxesansp.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\lbhelper.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\lblocker.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\troubleshooter.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\msvcp80.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\skinconverter.exe
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\logclient.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\msvcr80.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\ppp.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\components\nclist.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\urlmon.cfg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\autoflux.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\favorites.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\offline.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pplive.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.3gp.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.amr.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.avi.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.flv.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.mkv.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.mp4.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.mpg.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.ra.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.rm.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.swf.ico
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxescore.exe.0.log
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.wav.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.wma.ico
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwlog.dat-journal
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\3.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images2\bg_x_qipao.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\2_4.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\2_2.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images2\style.css
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\menu.html
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\res\common.js
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\res\history.css
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\res\history_1.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\res\history_2.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\res\history_all.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\res\history_bg.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\res\left_menu_bg.jpg
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\res\re_tips.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\res\re_tips_bg.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\menu\res\v33_user_panel.js
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\search_info\common.js
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\search_info\index.html
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\search_info\logo24.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\search_info\play_btn.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\2_1.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\2_3.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images2\img.png
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwlog.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\game.ico
- %ALLUSERSPROFILE%\application data\pplive\pptv\cache\pluginad\adconfig.ini
- %TEMP%\nsk8566.tmp\gtapi_signed.dll
- %TEMP%\nsk8566.tmp\binddll.dll
- %WINDIR%\syswow64\pptvlauncher.exe
- <SYSTEM32>\pptvlauncher.exe
- %WINDIR%\syswow64\pptvsvc.dll
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcbase.dat-journal
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\deflist.dat
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcbase.dat
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcwsign.dat
- %APPDATA%\pplive\pptv\pptvlog.log
- %APPDATA%\pplive\pptv\cache\index
- %APPDATA%\pplive\pptv\cache\data_0
- %APPDATA%\pplive\pptv\cache\data_1
- %APPDATA%\pplive\pptv\cache\data_2
- %APPDATA%\pplive\pptv\cache\data_3
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwbase.dat
- %ALLUSERSPROFILE%\pplive\pptv\cache\list\catalog-1-0.xml
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.video.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\pptv.wmv.ico
- %ProgramFiles(x86)%\pplive\pptv\version.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\hot.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\ikan-p.ico
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwlog3.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\install_s.ico
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwfile.dat-journal
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwfile.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\link.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\perform.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\icons\recent.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\teachconfig.ini
- %ProgramFiles(x86)%\pplive\pptv\msvcp100.dll
- %ProgramFiles(x86)%\pplive\pptv\msvcr100.dll
- %ProgramFiles(x86)%\pplive\pptv\atl100.dll
- %ProgramFiles(x86)%\pplive\pptv\pplive.exe
- %ProgramFiles(x86)%\pplive\pptv\noisrev.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\ppliveu.exe
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwlog3.dat-journal
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwbase.dat-journal
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images\nolink.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images\menu.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images\err_3.jpg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\fluxstastic.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\player\h264_dec_filter.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\plugout\client_ap.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\update\ch.ini
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\update\icon.ico
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\update\progress.gif
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\update\upgrade_bg1.bmp
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\update\upgrade_bg2.bmp
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\update\upgrade_bg3.bmp
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\update\upgrade_title.bmp
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\update\upgrade_title2.bmp
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\nocache.list
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\ppliveflv.swf
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\postpone.list
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\specifypath.list
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\urlcache.list
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\player\vsfilter.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\audio.swf
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\player\oplayer.ocx
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\player\mp4splitter.ax
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\components\ppdlna.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\components\ppframe.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\procinfo.dat
- %WINDIR%\temp\udd2fe.tmp
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\components\ppoptions.dll
- %WINDIR%\temp\udd2de.tmp
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kseset.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksepnf.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kseexf.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kse_wfsdata\01c45e18_wfsexa0.dat-journal
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\components\mframe.dll
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\player\audioswitcher.ax
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\player\coreaac.ax
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\player\coreavc.ax
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kse_wfsdata\01c45e18_wfsexa0.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\player\coreavc.2.0.0.0.ax
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\player\http_asf_source.ax
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\fluxcache.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\buffer.swf
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\player\avcvideodec.ax
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\crossdomain.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kse_wfsdata\01c45e18_wfsexa1.dat-journal
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\popupwnd.html
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\errorpage.htm
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\icon.gif
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\icon2.gif
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\interactionerror.html
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\nolink.htm
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\page.html
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\page2.html
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\cjs\err.js
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images\404.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images\bg_x_channel.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images\err.css
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images\err_1.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\images\err_2.jpg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kse_wfsdata\01c45e18_wfsexa1.dat
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\images\style.css
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\images\loading.gif
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\local\freshpushwnd.htm
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\images\payprompt.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\images\line2.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\firewall.swf
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\logo.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\logo.swf
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\vip.swf
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\gobalspeaker.js
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\horn.html
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\horn.js
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\json2.js
- %CommonProgramFiles(x86)%\pplivenetwork\ppap.exe
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\mypb_pay.html
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\mypb.js
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\mypb_sendfail.html
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\images\bg_f_confirm.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\images\bg_input.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\images\f_paybox.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\images\ico_payprompt.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\images\img.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\images\line.png
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\ieloading.swf
- %ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\data\horn\mypb_paysuccess.html
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcwsign.dat-journal
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\resource\pptv.url
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksapi.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\holiday.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\hotspot.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ifrcfg.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\install.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kavvipcfg.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kconfig.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kissuerepair.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksafetips.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksdoccfg.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksoft.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kswscxex_ser.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\neybuydescrip.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\cloudpop\1.0.0\popcfg.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\scom.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\cloudpop\1.0.0\pop_cd_cleanrubbish2\setting_menu.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\speedtest.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\cloudpop\1.0.0\pop_cd_cleanrubbish2\style.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\game.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\weatherconfig.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\forecastmsg.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\clear.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\skin\default.jpg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\skin\theme\default.jpg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\knet.png
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\metroimg\metro_blue.png
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\metroimg\metro_green.png
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\metroimg\metro_orange.png
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\metroimg\metro_red.png
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\duba123.ico
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\duba123ie.ico
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\duba123ienew.ico
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\vduba\vduba.ico
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\npkws.xpi
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\microsoft.vc80.crt.manifest
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\microsoft.vc80.mfc.manifest
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\cloudpop\1.0.0\pop_cd_cleanrubbish2\action.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\avrepair.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\citys.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\fireeye.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksrengcfg.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\npkws.crx
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\web\kingsoft_main.htm
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kvipfree.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kxeutilcfg.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\module.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\productidinfo.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\push_msg_city_list.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\quarantine.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\signs.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\sjkpopcfg.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\vinfo.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\weathertype.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\bro.cfg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\webui\icon\fdlocal.cfg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\vplayer.cfg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\cloudctrl.config
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\kpopcfg.config
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\liectrl.config
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\recommendctrl.config
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kusb_config.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\skin\theme\binglanbeiji.jpg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksscfgx.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksedset.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\web\kingsoft_weibo.htm
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\broplugver.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksde\deheurcfg.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\hmpgconfig.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kae\kaecore.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kavcfg.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kavstart.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\kccprotocol_cfg.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kcommon.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kdehacker.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kdock.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kfccfg.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\khackfix.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\khistory.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kismain.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksbwdt.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksecfg.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\web\kingsoft_bbs.htm
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\web\kingsoft_duba.htm
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_unknown_no.gif
- %TEMP%\kantivirus\~d8e1b\install_res\201.bmp
- %TEMP%\kantivirus\~d8e1b\install_res\4.png
- %TEMP%\kantivirus\~d8e1b\install_res\5.png
- %TEMP%\kantivirus\~d8e1b\install_res\63.png
- %TEMP%\kantivirus\~d8e1b\install_res\64.png
- %TEMP%\kantivirus\~d8e1b\install_res\65.png
- %TEMP%\kantivirus\~d8e1b\install_res\66.png
- %TEMP%\kantivirus\~d8e1b\install_res\67.png
- %TEMP%\kantivirus\~d8e1b\install_res\68.png
- %TEMP%\kantivirus\~d8e1b\install_res\69.png
- %TEMP%\kantivirus\~d8e1b\install_res\70.png
- %TEMP%\kantivirus\~d8e1b\install_res\72.png
- %TEMP%\kantivirus\~d8e1b\install_res\73.png
- %TEMP%\kantivirus\~d8e1b\install_res\74.png
- %TEMP%\kantivirus\~d8e1b\install_res\75.png
- %TEMP%\kantivirus\~d8e1b\install_res\76.png
- %TEMP%\kantivirus\~d8e1b\install_res\9.png
- %TEMP%\kantivirus\~d8e1b\install_res\100.bmp
- %TEMP%\kantivirus\~d8e1b\install_res\34.png
- %TEMP%\kantivirus\~d8e1b\install_res\109.bmp
- %TEMP%\kantivirus\~d8e1b\install_res\32.png
- %TEMP%\kantivirus\~d8e1b\install_res\19.png
- %TEMP%\nsf8546.tmp
- %TEMP%\nsk8566.tmp\system.dll
- %TEMP%\nsk8566.tmp\findprocdll.dll
- %TEMP%\nsk8566.tmp\killprocdll.dll
- %TEMP%\nsk8566.tmp\inetload.dll
- C:\haoie3559.exe
- C:\kavsetups_66_7912.exe
- %TEMP%\nsk8566.tmp\atl100.dll
- %TEMP%\nsk8566.tmp\msvcp100.dll
- %TEMP%\nsk8566.tmp\msvcr100.dll
- %TEMP%\nsk8566.tmp\ppinstalllog.dll
- %TEMP%\kantivirus\kavsetup.log
- %TEMP%\kantivirus\~d8e1b\install_res\1.jpg
- %TEMP%\kantivirus\~d8e1b\install_res\110.jpg
- %TEMP%\kantivirus\~d8e1b\install_res\2.jpg
- %TEMP%\kantivirus\~d8e1b\install_res\3.jpg
- %TEMP%\kantivirus\~d8e1b\install_res\31.jpg
- %TEMP%\kantivirus\~d8e1b\install_res\20.png
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgsafetrb.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_safe_no.gif
- %TEMP%\kantivirus\~d8e1b\install_res\citys.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgunkownlts.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgunkowntrb.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgunkowntrs.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbt.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\webui\icon\defpolicy.gif
- %ProgramFiles(x86)%\pplive\pptv\installlog.txt
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kwsdownicon.gif
- %CommonProgramFiles(x86)%\pplivenetwork\installlog.txt
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kwsdownicon1.gif
- %TEMP%\nsk8566.tmp\getcommentsinfodll.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kwsupicon.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kwsupicon1.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_adult.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_adult_no.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_danger.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_danger_no.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_safe.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgunkownltb.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_unknown.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgsafetrs.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgsafelts.gif
- %TEMP%\kantivirus\~d8e1b\clear_i.xml
- %TEMP%\kantivirus\~d8e1b\ksoft.xml
- %TEMP%\kantivirus\~d8e1b\product.xml
- %TEMP%\kantivirus\~d8e1b\setup.xml
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\webui\icon\bkfilter.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\webui\icon\bkgrdx.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\webui\icon\bkplugin.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgadultltb.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgadultlts.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgadulttrb.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgadulttrs.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgdangerltb.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgdangerlts.gif
- %TEMP%\nsk8566.tmp\time.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgdangertrb.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgdangertrs.gif
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgsafeltb.gif
- %TEMP%\kantivirus\~d8e1b\install_res\200.bmp
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\apdev.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\apdev.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\bredirect.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kavquara.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kcctrl.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kcomponent.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kdefendpop.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kdgui2.dll
- %TEMP%\nsk8566.tmp\bind_en-us.ini
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kdynmrey.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\keasyipcn.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kfcdetect.dll
- %TEMP%\nsk8566.tmp\pnsis.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kfloatwin.dll
- %CommonProgramFiles(x86)%\pplivenetwork\converter.exe
- %CommonProgramFiles(x86)%\pplivenetwork\mngmodule.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\converter.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\bubblectrl.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\mngmodule.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\crashreporter.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kavmenu64.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksetupwiz.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kavmenu.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kavdevc.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kvipwiz.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwsprotect64.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxescore.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxetray.exe
- %TEMP%\nsk8566.tmp\cknsis.dll
- %TEMP%\nsk8566.tmp\asyndownload.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\uni0nst.exe
- %TEMP%\nsk8566.tmp\ppaddwhite.dll
- %TEMP%\nsk8566.tmp\commonfuncdll.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\bittransport.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\defendmon.dll
- %ProgramFiles(x86)%\internet explorer\pplite\plugin\1.0.1.3117\pplugin2.dll
- %ProgramFiles(x86)%\internet explorer\pplite\plugin\1.0.1.3117\npplugin2.dll
- %ProgramFiles(x86)%\internet explorer\pplite\plugin\1.0.1.3117\plugininstaller.exe
- %ProgramFiles(x86)%\internet explorer\pplite\plugin\version.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\jsonv6.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kanthack.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kavevent.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kupdata.exe
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\uilib.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\restore.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\krcmddown.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\coreavc.2.0.0.0.ax
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\msvcp100.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\krcmdmon.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\msvcr100.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\atl100.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksafevul.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksde\ksdecs.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\http_asf_source.ax
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksapi64.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\mp4splitter.ax
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksbwdet2.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\oplayer.ocx
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\vsfilter.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kscanner.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\avcvideodec.ax
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\coreaac.ax
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\coreavc.ax
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\tipsbubble.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\tipsclient.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kpopsvr.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\iebrowser.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\ppcef.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\khandler.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\khistory.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\operation\cas\kinfoc.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\msvcp100.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kisfdpro64.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kismain.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\msvcr100.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksde\klengine.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\atl100.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksde\kmctrl.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kminitray.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksnetm\kmonstat.dll
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kpopclt.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\kernel\peer.dll
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\erotser.dat
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\player\audioswitcher.ax
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kscan.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\krecycle.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kphonewiz.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\config\ksesysfiles.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksfilter.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksolec.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\ksoles.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\ksysoptlp.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kusbhwl.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kvipver.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwnp.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwpl.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwsadr.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwsshop.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwsu.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kxecomm.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\lpolicy.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\netbank.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\office.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ksais.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\office_add.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kqsccfg.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\kpld.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\config3.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\config3a.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\defbro.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksde\defmisc.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\deswitch.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\fnsign.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\iglist.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\kaccclear.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kae\kaearcha.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kae\kaearchb.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kae\kaecore.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kae\karchive.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\operation\cas\kctrl.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kdh.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kfc_hfps.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\khandler.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\kplc.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kpretend.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\ksde\progrule.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\ksdmalwarez.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\protect.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxeksgpid.kid
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\krmcdm.krf
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\rule.krf
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\cloudpop\1.0.0\pop_cd_cleanrubbish2\skin.ksfskin
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\npkws.mxaddon
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\sp3a.nlb
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\sougouext.sext
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\shoujizhushou\sjkuplive.svr
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\uplive.svr
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxescore_sp.xcf
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kavlog2.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kcleaner.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kdownloader.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kdrvmgr.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kislive.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kismain.exe
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwifitool.kid
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\khackfix.kid
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\denyip.krf
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kvmpid2.kid
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kcommonpid.kid
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\se.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\system.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\system64.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\system64_add.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\system_add.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\skin\theme\themelist.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\trashfilerule.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\ressrc\chs\upcfg.dat
- %CommonProgramFiles(x86)%\pplivenetwork\1.0.1.3117\resource\ikan-p.ico
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\wd.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\vrulecfg.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\whiteurl.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\operation\cas\kfmt.datx
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\skin\duba_binglanbeiji.dubaskin
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\skin\theme\binglanbeiji.dubatheme
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\data.fsg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\unknown.fsg
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kavpid.kid
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\softicon.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\wgsites.dat
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\data\defevent_134b365.dat
Удаляет следующие файлы
- %TEMP%\kantivirus\~d8e1b\clear_i.xml
- %WINDIR%\temp\uddf4ba.tmp
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\fdsdcache.db-journal
- %WINDIR%\temp\udd2de.tmp
- %WINDIR%\temp\udd2fe.tmp
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kse_wfsdata\01c45e18_wfsexa0.dat-journal
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kse_wfsdata\01c45e18_wfsexa1.dat-journal
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwlog.dat-journal
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwlog3.dat-journal
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwfile.dat-journal
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwbase.dat-journal
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcbase.dat-journal
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcwsign.dat-journal
- %TEMP%\nsk8566.tmp\asyndownload.dll
- %TEMP%\nsk8566.tmp\binddll.dll
- %TEMP%\nsk8566.tmp\system.dll
- %TEMP%\nsk8566.tmp\bind_en-us.ini
- %TEMP%\nsk8566.tmp\cknsis.dll
- %TEMP%\nsk8566.tmp\commonfuncdll.dll
- %TEMP%\nsk8566.tmp\findprocdll.dll
- %TEMP%\nsk8566.tmp\getcommentsinfodll.dll
- %TEMP%\nsk8566.tmp\gtapi_signed.dll
- %TEMP%\nsk8566.tmp\inetload.dll
- %TEMP%\nsk8566.tmp\killprocdll.dll
- %TEMP%\nsk8566.tmp\msvcp100.dll
- %TEMP%\nsk8566.tmp\msvcr100.dll
- %TEMP%\nsk8566.tmp\pnsis.dll
- %TEMP%\nsk8566.tmp\ppaddwhite.dll
- %TEMP%\nsk8566.tmp\ppinstalllog.dll
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcuploadsp.dat-journal
- %TEMP%\nsk8566.tmp\atl100.dll
- %TEMP%\kantivirus\~d8e1b\ksoft.xml
- %TEMP%\kantivirus\~d8e1b\install_res\4.png
- %TEMP%\kantivirus\~d8e1b\install_res\1.jpg
- %TEMP%\kantivirus\~d8e1b\install_res\100.bmp
- %TEMP%\kantivirus\~d8e1b\install_res\109.bmp
- %TEMP%\kantivirus\~d8e1b\install_res\110.jpg
- %TEMP%\kantivirus\~d8e1b\install_res\19.png
- %TEMP%\kantivirus\~d8e1b\install_res\2.jpg
- %TEMP%\kantivirus\~d8e1b\install_res\20.png
- %TEMP%\kantivirus\~d8e1b\install_res\200.bmp
- %TEMP%\kantivirus\~d8e1b\install_res\201.bmp
- %TEMP%\kantivirus\~d8e1b\install_res\3.jpg
- %TEMP%\kantivirus\~d8e1b\install_res\31.jpg
- %TEMP%\kantivirus\~d8e1b\install_res\32.png
- %TEMP%\kantivirus\~d8e1b\install_res\34.png
- %TEMP%\kantivirus\~d8e1b\install_res\5.png
- %TEMP%\kantivirus\~d8e1b\install_res\9.png
- %TEMP%\kantivirus\~d8e1b\install_res\63.png
- %TEMP%\kantivirus\~d8e1b\install_res\64.png
- %TEMP%\kantivirus\~d8e1b\install_res\65.png
- %TEMP%\kantivirus\~d8e1b\install_res\66.png
- %TEMP%\kantivirus\~d8e1b\install_res\67.png
- %TEMP%\kantivirus\~d8e1b\install_res\68.png
- %TEMP%\kantivirus\~d8e1b\install_res\69.png
- %TEMP%\kantivirus\~d8e1b\install_res\70.png
- %TEMP%\kantivirus\~d8e1b\install_res\72.png
- %TEMP%\kantivirus\~d8e1b\install_res\73.png
- %TEMP%\kantivirus\~d8e1b\install_res\74.png
- %TEMP%\kantivirus\~d8e1b\install_res\75.png
- %TEMP%\kantivirus\~d8e1b\install_res\76.png
- %TEMP%\kantivirus\~d8e1b\install_res\citys.xml
- %TEMP%\nsk8566.tmp\time.dll
Перемещает следующие файлы
- <DRIVERS>\kisknl.sys в <DRIVERS>\kisknl_del.sys
Подменяет следующие файлы
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcuploadsp.dat-journal
- <DRIVERS>\kisknl.sys
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kse_wfsdata\01c45e18_wfsexa0.dat-journal
- %ProgramFiles(x86)%\kingsoft\kingsoft antivirus\security\kxescan\kse_wfsdata\01c45e18_wfsexa1.dat-journal
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwlog.dat-journal
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwfile.dat-journal
- %ALLUSERSPROFILE%\kingsoft\ksbw\ksbwbase.dat-journal
- %ALLUSERSPROFILE%\kingsoft\kfc\kfcbase.dat-journal
Сетевая активность
Подключается к
- 'd.#####.ijinshan.com':80
- 'ct.#uba.net':80
- 'in#.#plive.com':80
- 'di#.##inshan.com':80
- 'in###0.duba.net':80
- 'tj.####n.ijinshan.com':80
- 'in###2.duba.net':80
- 'cl####q.duba.net':80
- 'kn#.#uba.net':80
- 'cv.#uba.net':80
- '11#.#3.89.14':80
- '12#.#2.183.150':80
- 'v2.##3.duba.net':80
- 'cu###.www.duba.net':80
TCP
Запросы HTTP GET
- http://d.#####.ijinshan.com/pptv/link/PPTV(pplive)_jinshan_9025.exe
- http://d.#####.ijinshan.com/haoie/link/haoie3559.exe
- http://d.#####.ijinshan.com/duba/link/KAVSETUPS_66_7912.exe
- http://in#.#plive.com/config/pptv/qd-all-slient-onelink-autostart/forqd926/bind_en-us.ini
- http://cl####q.duba.net/abc
- http://cv.#uba.net/cv?uu###################################################################
- http://11#.#3.89.14/
- http://12#.#2.183.150/
Запросы HTTP POST
- http://ct.#uba.net/itid
- http://di#.##inshan.com/db/?v=####################################################################################################################################################
- http://in###0.duba.net/c/
- http://tj.####n.ijinshan.com/c/
- http://in###2.duba.net/c/
- http://kn#.#uba.net/kns-query
- http://v2.##3.duba.net/v/
UDP
- DNS ASK ww##.97bs.com
- DNS ASK d.#####.ijinshan.com
- DNS ASK in#####sion.pplive.com
- DNS ASK ct.#uba.net
- DNS ASK wq.###ud.duba.net
- DNS ASK in#.#plive.com
- DNS ASK di#.##inshan.com
- DNS ASK in###0.duba.net
- DNS ASK tj.####n.ijinshan.com
- DNS ASK in###2.duba.net
- DNS ASK cl####q.duba.net
- DNS ASK kn#.#uba.net
- DNS ASK cv.#uba.net
- DNS ASK v2.##3.duba.net
- DNS ASK cu###.www.duba.net
Другое
Создает и запускает на исполнение
- 'C:\pptv(pplive)_jinshan_9025.exe'
- '%CommonProgramFiles(x86)%\pplivenetwork\ppap.exe' /RegServer
- '%CommonProgramFiles(x86)%\pplivenetwork\ppap.exe' -background
- '%ProgramFiles(x86)%\pplive\pptv\pplive.exe' -channel_id=4080.00FE6218.1406828547 -cachepath="%APPDATA%\PPLive\PPTV\cache" /LoadModule components\IEBrowser.dll
- '%ProgramFiles(x86)%\pplive\pptv\pplive.exe' /LoadModule "%ProgramFiles(x86)%\PPLive\PPTV\3.3.1.0038\components\PPOptions.dll"
- '%CommonProgramFiles(x86)%\pplivenetwork\ppap.exe' /LoadModule MngModule.dll /T 1 /C forqd926 /F 0 /G 3.3.1.0038 /H 1 /I PPTV(pplive)_jinshan_9025 /L 0 /M 0 /N 0 /O 1 /P
- '%ProgramFiles(x86)%\pplive\pptv\pplive.exe'
- '%ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\repairsetup.exe' -codec
- '%ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\hwcheck.exe' -s -luminanceonly "%TEMP%\hwcheck.mp4"
- '%CommonProgramFiles(x86)%\pplivenetwork\ppap.exe' -Embedding
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwsprotect64.exe' (null)
- '%CommonProgramFiles(x86)%\pplivenetwork\ppap.exe' /LoadModule MngModule.dll /T 2 /A http://h.synacast.com/1.html?sa2foJynraDNzNmcp6GcnqyVo6XQn9vL1tagnKfI1KSdnKeboqfNj7mipuyd5a2boKHom/KW7KnovNvX5tnPzpa10dPXiafhlrSpvOrG3tTN29qFxretib3X0eDU0tnYkL...
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kislive.exe' /autorun /std /skipcs3
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxescore.exe' /service kxescore
- 'C:\kavsetups_66_7912.exe'
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kavlog2.exe' -install
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxescore.exe' /start kxescore
- '%ProgramFiles(x86)%\pplive\pptv\3.3.1.0038\skinconverter.exe'
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxetray.exe' /autorun
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kislive.exe' /autorun /std /skipcs3' (со скрытым окном)
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kavlog2.exe' -install' (со скрытым окном)
- '%ProgramFiles(x86)%\pplive\pptv\pplive.exe' /LoadModule "%ProgramFiles(x86)%\PPLive\PPTV\3.3.1.0038\components\PPOptions.dll"' (со скрытым окном)
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxescore.exe' /start kxescore' (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ProgramFiles(x86)%\PPLive\PPTV\PPLive.exe" PPLive Enable' (со скрытым окном)
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kxetray.exe' /autorun' (со скрытым окном)
- '%CommonProgramFiles(x86)%\pplivenetwork\ppap.exe' -background' (со скрытым окном)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<SYSTEM32>\PPTVLauncher.exe" PPTVLauncher Enable' (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ProgramFiles(x86)%\PPLive\PPTV\3.3.1.0038\CrashReporter.exe" CrashReporter Enable' (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ProgramFiles(x86)%\PPLive\PPTV\3.3.1.0038\PPLiveU.exe" PPLiveU Enable' (со скрытым окном)
- '%ProgramFiles(x86)%\kingsoft\kingsoft antivirus\kwsprotect64.exe' (null)' (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ProgramFiles(x86)%\Internet Explorer\PPLite\plugin\1.0.1.3117\PluginInstaller.exe" PluginInstaller Enable' (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%CommonProgramFiles(x86)%\PPLiveNetwork\PPAP.exe" PPLive Enable' (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ProgramFiles(x86)%\PPLive\PPTV\3.3.1.0038\RepairSetup.exe" RepairSetup Enable' (со скрытым окном)
Запускает на исполнение
- '%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles(x86)%\Internet Explorer\PPLite\plugin\1.0.1.3117\pplugin2.dll"
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\SysWOW64\PPTVSvc.dll" RundllCmd -start before
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\SysWOW64\PPTVSvc.dll" RundllCmd -start
- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\kindling.dll
- '%WINDIR%\syswow64\regsvr32.exe' /s %WINDIR%\SysWOW64\kindling.dll
- '%WINDIR%\syswow64\svchost.exe' -k PPTVServiceGroup
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%ProgramFiles(x86)%\pplive\pptv\...
