Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'kxesc' = '"%ProgramFiles%\kingsoft\kingsoft antivirus\kxetray.exe" -autorun'
- [<HKLM>\SYSTEM\ControlSet001\Services\kxescore] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\kxescore] 'ImagePath' = '"%ProgramFiles%\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore'
- [<HKLM>\SYSTEM\ControlSet001\Services\ksapi] 'ImagePath' = '<DRIVERS>\ksapi.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\KDHacker] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\KDHacker] 'ImagePath' = '%ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\kisknl] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\kisknl] 'ImagePath' = '<DRIVERS>\kisknl.sys'
- [<HKLM>\SYSTEM\ControlSet002\Services\kisknl] 'ImagePath' = '<DRIVERS>\kisknl.sys'
- [<HKLM>\SYSTEM\ControlSet002\Services\kisknl] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\kisnetm] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\kisnetm] 'ImagePath' = '%ProgramFiles%\kingsoft\kingsoft antivirus\security\ksnetm\kisnetmxp.sys'
- NtCreateThread, handler: kisnetmxp.sys
- %ProgramFiles%\winlock\ico.ico
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksinst.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kshmpgext.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kshmpg.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksextfix.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kseutil.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksesscan.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kseescan.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksdectrl.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksde\ksdecs.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kscanner.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksbwdet2.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksapi64.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksapi.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksafevul.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\krcmdmon.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\krcmddown.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kpopsvr.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kpopclt.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksnetm\kmonstat.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kminitray.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksde\kmctrl.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksde\klengine.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kismain.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kskinmgr.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kspcore.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kxecore\kxelog.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kspupwnd.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kxecore\kxecore.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kxebscsp.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kxebase.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwsui64.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwsui.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwssp.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwansvc.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kvipcore.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kvip.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kusbscan.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kusbcore.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kupdatesp.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\ktrashscan.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\ktrashmon.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\ktoolupd.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\ktoastpop.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksysopteng.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kswscxex.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kswebshield.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kswbc.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kstools.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksscore.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksreng3.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kisfdpro64.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksolescanner.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\operation\cas\kinfoc.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\krecycle.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kismain.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kislive.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kdrvmgr.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kdownloader.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kcleaner.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kavlog2.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kxescore_sp.xcf
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\uplive.svr
- %ProgramFiles%\kingsoft\kingsoft antivirus\shoujizhushou\sjkuplive.svr
- %ProgramFiles%\kingsoft\kingsoft antivirus\sougouext.sext
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\sp3a.nlb
- %ProgramFiles%\kingsoft\kingsoft antivirus\npkws.mxaddon
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\cloudpop\1.0.0\pop_cd_cleanrubbish2\skin.ksfskin
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\rule.krf
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\krmcdm.krf
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\denyip.krf
- %ProgramFiles%\kingsoft\kingsoft antivirus\kxeksgpid.kid
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwifitool.kid
- %ProgramFiles%\kingsoft\kingsoft antivirus\kvmpid2.kid
- %ProgramFiles%\kingsoft\kingsoft antivirus\khackfix.kid
- %ProgramFiles%\kingsoft\kingsoft antivirus\kcommonpid.kid
- %ProgramFiles%\kingsoft\kingsoft antivirus\kavpid.kid
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\unknown.fsg
- %ProgramFiles%\kingsoft\kingsoft antivirus\kphonewiz.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kscan.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\khandler.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksetupwiz.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kfloatwin.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kfcdetect.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\keasyipcn.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kdynmrey.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kdgui2.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kdefendpop.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kcomponent.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kcctrl.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kavquara.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kavmenu64.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kavmenu.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kavevent.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kavdevc.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kanthack.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\jsonv6.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\defendmon.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\bittransport.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\uni0nst.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kxetray.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kxescore.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwsprotect64.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kvipwiz.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\kupdata.exe
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\khistory.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\kxereg.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kxesansp.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\lbhelper.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kdehuser.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kfc_dps.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kfc_dps.dat-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\webui\icon\btbg.gif
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcuploadsp.dat
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcuploadsp.dat-journal
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcwsign.dat
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcwsign.dat-journal
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcbase.dat
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcbase.dat-journal
- %ALLUSERSPROFILE%\Application Data\Kingsoft\KIS\kws\dfcache.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\webui\icon\fdlocal.bak
- %ALLUSERSPROFILE%\Application Data\Kingsoft\KIS\kws\urlcache.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\webui\icon\fdlocal.dat
- %ALLUSERSPROFILE%\Application Data\Kingsoft\ksbw\kns2.che
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kfcdetect.dll.log
- %ALLUSERSPROFILE%\Application Data\Kingsoft\KIS\hg.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksbwdet2.dll.log
- %ProgramFiles%\kingsoft\kingsoft antivirus\switch.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\kfloatwin.log
- %ProgramFiles%\kingsoft\kingsoft antivirus\kws_init.log
- %ProgramFiles%\kingsoft\kingsoft antivirus\log\kxescore.exe.log
- %ProgramFiles%\kingsoft\kingsoft antivirus\kxescore.log
- <SYSTEM32>\config\KAVEventLog.EVT
- %ProgramFiles%\kingsoft\kingsoft antivirus\kislive.log
- %ProgramFiles%\kingsoft\kingsoft antivirus\log\ksdectrl_trace.log
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\knetwhitelist.dat-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\procinfo.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\poplog.db
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\poplog.db-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\autoflux.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\urlmon.cfg
- %ALLUSERSPROFILE%\Application Data\Kingsoft\KIS\kich\514-cef36ffe-5af404a6-128.ich
- %ProgramFiles%\kingsoft\kingsoft antivirus\log\kusbcore.log
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\option.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\log\kxetray.exe.log
- %ALLUSERSPROFILE%\Application Data\Kingsoft\Shoujikong\DeviceCache\devices.db
- %ALLUSERSPROFILE%\Application Data\Kingsoft\Shoujikong\DeviceCache\devices.db-journal
- %ALLUSERSPROFILE%\Application Data\Kingsoft\KIS\kich\1038-d7a8395f-5af404a1-2ee.ich
- %ProgramFiles%\kingsoft\kingsoft antivirus\fluxcache.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kusernetwhitelist.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kusernetwhitelist.dat-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\log\defmsg.log
- %ProgramFiles%\kingsoft\kingsoft antivirus\log\kisknl_trace.log
- %ProgramFiles%\kingsoft\kingsoft antivirus\log\kisknl.log
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\expand_rule.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksde\deconfig.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\knetcachewhitelist.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\knetcachewhitelist.dat-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\rule.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\knetwhitelist.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\desktop.ini
- %ALLUSERSPROFILE%\Start Menu\Programs\金山毒霸\访问金山公司网站\金山公司主页.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\金山毒霸\访问金山公司网站\新毒霸网站.lnk
- <DRIVERS>\kisknl64.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksde\kisknl64.sys
- <DRIVERS>\kisknl.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksde\kisknl.sys
- <DRIVERS>\kdhacker64.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys
- <DRIVERS>\kdhacker.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys
- <DRIVERS>\kavbootc64.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kavbootc64.sys
- <DRIVERS>\kavbootc.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kavbootc.sys
- <DRIVERS>\bc.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\bc.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\wfs.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\sqlite.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\scom.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\npkws.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\netbuyprot.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\msvcr80.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\msvcp80.dll
- %ProgramFiles%\kingsoft\kingsoft antivirus\lblocker.dll
- <DRIVERS>\kisnetm.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm.sys
- <DRIVERS>\kisnetm64.sys
- %ALLUSERSPROFILE%\Start Menu\Programs\金山毒霸\访问金山公司网站\新毒霸官方社区.lnk
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksnetm\kisnetmxp.sys
- %ALLUSERSPROFILE%\Start Menu\Programs\金山毒霸\访问金山公司网站\新毒霸官方微博.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\金山毒霸\日志查看器.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\金山毒霸\病毒隔离系统.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\金山毒霸\卸载新毒霸.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\金山毒霸\在线升级.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\金山毒霸\新毒霸.lnk
- %ALLUSERSPROFILE%\Desktop\新毒霸.lnk
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\extendimg\5.png
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\extendimg\4.png
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\extendimg\3.jpg
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\extendimg\1.jpg
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\data.fsg
- <DRIVERS>\kusbquery64.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\kusbquery64.sys
- <DRIVERS>\kusbquery.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\kusbquery.sys
- <DRIVERS>\ksskrpr.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksskrpr.sys
- <DRIVERS>\ksapi64.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksapi64.sys
- <DRIVERS>\ksapi.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksapi.sys
- <DRIVERS>\kisnetmxp.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\extendimg\2.jpg
- %ALLUSERSPROFILE%\Application Data\Kingsoft\KIS\kich\1692-5426823b-5af404a2-6d.ich
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\skin\theme\binglanbeiji.dubatheme
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\softicon.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\skin\theme\default.jpg
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\skin\default.jpg
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\skin\theme\binglanbeiji.jpg
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_unknown_no.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_unknown.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_safe_no.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_safe.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_danger_no.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_danger.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_adult_no.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kws_adult.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kwsupicon1.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kwsupicon.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kwsdownicon1.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\kwsdownicon.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\webui\icon\defpolicy.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbt.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgunkowntrs.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgunkowntrb.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgunkownlts.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgunkownltb.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgsafetrs.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgsafetrb.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\knet.png
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\metroimg\metro_green.png
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksdoccfg.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\metroimg\metro_orange.png
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksafetips.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\kissuerepair.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kconfig.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\kavvipcfg.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\install.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ifrcfg.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\hotspot.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\holiday.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\game.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\forecastmsg.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\fireeye.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\clear.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\citys.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\avrepair.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\cloudpop\1.0.0\pop_cd_cleanrubbish2\action.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\microsoft.vc80.mfc.manifest
- %ProgramFiles%\kingsoft\kingsoft antivirus\microsoft.vc80.crt.manifest
- %ProgramFiles%\kingsoft\kingsoft antivirus\npkws.xpi
- %ProgramFiles%\kingsoft\kingsoft antivirus\vduba\vduba.ico
- %ProgramFiles%\kingsoft\kingsoft antivirus\duba123ienew.ico
- %ProgramFiles%\kingsoft\kingsoft antivirus\duba123ie.ico
- %ProgramFiles%\kingsoft\kingsoft antivirus\duba123.ico
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\metroimg\metro_red.png
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgsafelts.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\metroimg\metro_blue.png
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgsafeltb.gif
- %TEMP%\kantivirus\~1f25a\install_res\69.png
- %TEMP%\kantivirus\~1f25a\install_res\67.png
- %TEMP%\kantivirus\~1f25a\install_res\66.png
- %TEMP%\kantivirus\~1f25a\install_res\65.png
- %TEMP%\kantivirus\~1f25a\install_res\64.png
- %TEMP%\kantivirus\~1f25a\install_res\63.png
- %TEMP%\kantivirus\~1f25a\install_res\5.png
- %TEMP%\fxzfgXqLZE.DLL
- %TEMP%\kantivirus\~1f25a\install_res\4.png
- %TEMP%\kantivirus\~1f25a\install_res\34.png
- %TEMP%\kantivirus\~1f25a\install_res\32.png
- %TEMP%\AfttGVMDqATvSGffpfqi.DLL
- %TEMP%\kantivirus\~1f25a\install_res\20.png
- %TEMP%\kantivirus\~1f25a\install_res\19.png
- %TEMP%\kantivirus\~1f25a\install_res\31.jpg
- %TEMP%\kantivirus\~1f25a\install_res\3.jpg
- %TEMP%\OdbYLVTlmluZgbUizqwY.DLL
- %TEMP%\Test.dat
- %TEMP%\kantivirus\~1f25a\install_res\2.jpg
- %TEMP%\kantivirus\~1f25a\install_res\110.jpg
- %TEMP%\kantivirus\~1f25a\install_res\1.jpg
- %TEMP%\kantivirus\kavsetup.log
- %ProgramFiles%\winlock\huishenghuiying.exe
- %ProgramFiles%\winlock\KAVSETUPS_66_101799.exe
- %TEMP%\kantivirus\~1f25a\install_res\68.png
- %TEMP%\kantivirus\~1f25a\install_res\70.png
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgdangertrb.gif
- %TEMP%\kantivirus\~1f25a\install_res\72.png
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgdangerlts.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgdangerltb.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgadulttrs.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgadulttrb.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgadultlts.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgadultltb.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\webui\icon\bkplugin.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\webui\icon\bkgrdx.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\webui\icon\bkfilter.gif
- %TEMP%\kantivirus\~1f25a\setup.xml
- %TEMP%\kantivirus\~1f25a\product.xml
- %TEMP%\kantivirus\~1f25a\ksoft.xml
- %TEMP%\kantivirus\~1f25a\clear_i.xml
- %TEMP%\kantivirus\~1f25a\install_res\citys.xml
- %TEMP%\kantivirus\~1f25a\install_res\201.bmp
- %TEMP%\kantivirus\~1f25a\install_res\200.bmp
- %TEMP%\kantivirus\~1f25a\install_res\109.bmp
- %TEMP%\kantivirus\~1f25a\install_res\100.bmp
- %TEMP%\kantivirus\~1f25a\install_res\9.png
- %TEMP%\kantivirus\~1f25a\install_res\76.png
- %TEMP%\kantivirus\~1f25a\install_res\75.png
- %TEMP%\kantivirus\~1f25a\install_res\74.png
- %TEMP%\kantivirus\~1f25a\install_res\73.png
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kws\icon\commentbgdangertrs.gif
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksoft.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\kswscxex_ser.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\neybuydescrip.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kusbhwl.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\ksysoptlp.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksoles.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksolec.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksfilter.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\config\ksesysfiles.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\ksdmalwarez.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\ksais.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kqsccfg.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kpretend.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\kpld.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\kplc.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\khandler.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kfc_hfps.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\kdh.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\operation\cas\kctrl.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kae\karchive.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kae\kaecore.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kae\kaearchb.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kae\kaearcha.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\kaccclear.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\iglist.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\FNSIGN.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksde\defmisc.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\deswitch.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\kvipver.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwnp.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\whiteurl.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\wgsites.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\wd.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\vrulecfg.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\upcfg.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\trashfilerule.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\skin\theme\themelist.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\system_add.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\system64_add.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\system64.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\system.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\se.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\operation\cas\kfmt.datx
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\protect.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksde\progrule.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\office_add.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\office.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\netbank.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\lpolicy.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kxecomm.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwsu.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwsshop.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwsadr.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\kwpl.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\defbro.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\config3a.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\config3.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\khackfix.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kfccfg.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kdock.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kdehacker.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kcommon.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\kccprotocol_cfg.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\kavstart.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kavcfg.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kae\kaecore.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\hmpgconfig.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\ksde\deheurcfg.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\broplugver.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\web\kingsoft_weibo.htm
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\web\kingsoft_main.htm
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\web\kingsoft_duba.htm
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\web\kingsoft_bbs.htm
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\weatherconfig.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\cloudpop\1.0.0\pop_cd_cleanrubbish2\style.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\speedtest.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\cloudpop\1.0.0\pop_cd_cleanrubbish2\setting_menu.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\scom.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\cloudpop\1.0.0\popcfg.xml
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kismain.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksbwdt.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\khistory.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksecfg.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\bredirect.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksedset.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\apdev.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\apdev.dat
- %ProgramFiles%\kingsoft\kingsoft antivirus\npkws.crx
- %ProgramFiles%\kingsoft\kingsoft antivirus\recommendctrl.config
- %ProgramFiles%\kingsoft\kingsoft antivirus\liectrl.config
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\kpopcfg.config
- %ProgramFiles%\kingsoft\kingsoft antivirus\cloudctrl.config
- %ProgramFiles%\kingsoft\kingsoft antivirus\vplayer.cfg
- %ProgramFiles%\kingsoft\kingsoft antivirus\webui\icon\fdlocal.cfg
- %ProgramFiles%\kingsoft\kingsoft antivirus\bro.cfg
- %ProgramFiles%\kingsoft\kingsoft antivirus\vinfo.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\skin\duba_binglanbeiji.dubaskin
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\sjkpopcfg.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\signs.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\quarantine.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\push_msg_city_list.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\productidinfo.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\module.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kxeutilcfg.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kvipfree.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kusb_config.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksscfgx.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\ksrengcfg.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\weathertype.ini
- %ProgramFiles%\kingsoft\kingsoft antivirus\fluxstastic.dat
- %TEMP%\Test.dat
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcbase.dat-journal
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcwsign.dat-journal
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcuploadsp.dat-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\security\kxescan\kfc_dps.dat-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\knetwhitelist.dat-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\knetcachewhitelist.dat-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kusernetwhitelist.dat-journal
- %ALLUSERSPROFILE%\Application Data\Kingsoft\Shoujikong\DeviceCache\devices.db-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\poplog.db-journal
- from <DRIVERS>\kisknl.sys to <DRIVERS>\kisknl_del.sys
- %TEMP%\Test.dat
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcbase.dat-journal
- %ALLUSERSPROFILE%\Application Data\Kingsoft\kfc\kfcuploadsp.dat-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\knetwhitelist.dat-journal
- <DRIVERS>\kisknl.sys
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\knetcachewhitelist.dat-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\ressrc\chs\kusernetwhitelist.dat-journal
- %ALLUSERSPROFILE%\Application Data\Kingsoft\Shoujikong\DeviceCache\devices.db-journal
- %ProgramFiles%\kingsoft\kingsoft antivirus\data\poplog.db-journal
- 'ct.#uba.net':80
- 'wq.###ud.duba.net':80
- 'di#.##inshan.com':80
- '11#.#12.93.138':80
- '11#.#12.36.195':80
- http://11#.#12.36.195/abc
- http://ct.#uba.net/itid
- http://wq.###ud.duba.net/prev_weather
- http://wq.###ud.duba.net/weather_query
- http://di#.##inshan.com/db/?v=#####################################################################################################################################################
- http://11#.#12.93.138/v/
- DNS ASK ct.#uba.net
- DNS ASK wq.###ud.duba.net
- DNS ASK di#.##inshan.com
- DNS ASK v2.##3.duba.net
- DNS ASK cu###.www.duba.net
- DNS ASK cl####q.duba.net
- DNS ASK in###0.duba.net
- DNS ASK kn#.#uba.net
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'kingsoft antivirus package win' WindowName: '???-????'
- ClassName: 'kingsoft antivirus package win' WindowName: '新毒霸-安装向导'
- '%ProgramFiles%\winlock\KAVSETUPS_66_101799.exe'
- '%ProgramFiles%\winlock\huishenghuiying.exe'
- '%ProgramFiles%\kingsoft\kingsoft antivirus\kavlog2.exe' -install
- '%ProgramFiles%\kingsoft\kingsoft antivirus\kxetray.exe' /autorun
- '%ProgramFiles%\kingsoft\kingsoft antivirus\kxescore.exe' /start kxescore
- '%ProgramFiles%\kingsoft\kingsoft antivirus\kislive.exe' /autorun /std /skipcs3
- '%ProgramFiles%\kingsoft\kingsoft antivirus\kxescore.exe' /service kxescore
- '%ProgramFiles%\kingsoft\kingsoft antivirus\kxetray.exe' -autorun