Trojan.Generic.11256692_53af0782e0

by malwarelabrobot on June 5th, 2014 in Malware Descriptions.

Trojan.Win32.Badur.htyo (Kaspersky), Trojan.Generic.11256692 (AdAware), mzpefinder_pcap_file.YR, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 53af0782e080923bfcca86f1cbc7530d
SHA1: 3cb407df8abf3758a3e93fd0108f57d0b7da2dd8
SHA256: 3e3bbd8226787d114e1e0b2778803e5c2d3a93cafa88339f714212e4de49b2d3
SSDeep: 6144:SSOw/y4d67EgN0iC1bLY7coVYh4Nf9fG5 UmycGxHLLm4Yw7Ijw:SSOf4TgNJp3YOFNKIycGNvm4J7j
Size: 376116 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PackerUPXCompresorGratuitowwwupxsourceforgenet, UPolyXv05_v6
Company: no certificate found
Created at: 2014-04-21 05:48:12
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour Description
EmailWorm Worm can send e-mails.


Process activity

The Trojan creates the following process(es):

kp4_Mini.exe:1488
dwwin.exe:2040
dwwin.exe:1728
kuping_v4.exe:1068
kt_Mini.exe:344
getnew.exe:1076
getnew.exe:1088
KPToolBar.exe:1664
kpTopBar_b_8.exe:1836
kuping_b_53390.exe:1988

The Trojan injects its code into the following process(es):

%original file name%.exe:820

File activity

The process kp4_Mini.exe:1488 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\op_16.tmp (1 bytes)
C:\kuping4\softset.ini (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MI_19.tmp (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\Mini.ico (1159 bytes)
C:\kuping4\Universal\unrar.dll (185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\6f1b_appcompat.txt (20221 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\bg.png (2 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\skin.ini (822 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\seach.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\seach-btn.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\close.png (2 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\small.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MA_1B.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DI_1D.tmp (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\skinconfig.ini (89 bytes)
C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\logo.png (4 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini (4 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\op_16.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_1A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MI_19.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RM_18.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\logo.png (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\close.png (0 bytes)
C:\op_16.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\small.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_1E.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\seach-btn.png (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\seach.png (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\bg.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MA_1B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DI_1D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_1C.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CA_17.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_1F.tmp (0 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini (0 bytes)

The process %original file name%.exe:820 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Program Files%\kuping_b_53390.exe (37274 bytes)

The process dwwin.exe:2040 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\186E55.dmp (127725 bytes)

The process dwwin.exe:1728 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\185AFC.dmp (127763 bytes)

The process kuping_v4.exe:1068 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\kuping4\Update\soft.ini (1714 bytes)
C:\kuping4\softset.ini (730 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_13.tmp (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\Liveindex[1].htm (312 bytes)
C:\kuping4\TempDownLoad\Home\11275.jpg_0 (388 bytes)
C:\kuping4\Kpclick.ini (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_12.tmp (631 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\DW_14.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_12.tmp (0 bytes)
C:\kuping4\TempDownLoad\Home\11275.jpg_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_13.tmp (0 bytes)

The process kt_Mini.exe:344 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\MI_E.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_A.tmp (1 bytes)
%Documents and Settings%\%current user%\My Documents\Universal\Universal.ini (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4ea8_appcompat.txt (11916 bytes)
C:\KPToolBar\Universal\skinConfig.rar (1961 bytes)
C:\KPToolBar\Universal\UniversalMiniSkin\默认\skin.ini (822 bytes)
C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\close.png (2 bytes)
C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\small.png (1 bytes)
C:\KPToolBar\softset.ini (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_B.tmp (633 bytes)
C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\seach.png (1 bytes)
C:\KPToolBar\Universal\UniversalMiniSkin\Mini.ico (1159 bytes)
C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\seach-btn.png (1 bytes)
C:\KPToolBar\Universal\unrar.dll (185 bytes)
C:\KPToolBar\Universal\UniversalMiniSkin\skinconfig.ini (89 bytes)
C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\bg.png (2 bytes)
C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\logo.png (4 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CA_C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MI_E.tmp (0 bytes)
C:\op_A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MA_10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RM_D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DI_11.tmp (0 bytes)

The process getnew.exe:1076 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\KPToolBar\Update\soft.ini (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_6.tmp (218 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\DW_9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_6.tmp (0 bytes)

The process getnew.exe:1088 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\kuping4\Update\soft.ini (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_15.tmp (426 bytes)
C:\kuping4\Update\updatelog.ini (31 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\DW_15.tmp (0 bytes)

The process KPToolBar.exe:1664 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\DW_5.tmp (126 bytes)
C:\KPToolBar\Update\soft.ini (1704 bytes)
%System%\config\SOFTWARE.LOG (9947 bytes)
%System%\config\software (7765 bytes)
C:\KPToolBar\TempDownLoad\resource\wallpaper\wallpaper_l\328\0\0\create_time\0\1_100\0.zip__1401890328 (912 bytes)
C:\KPToolBar\TempDownLoad\resource\wallpaper\wallpaper_l\321\0\0\create_time\0\1_100\0.xml (22194 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (8512 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_4.tmp (1 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (7004 bytes)
C:\KPToolBar\skinConfig\DesktopToolBarLocation.ini (36 bytes)
C:\KPToolBar\softset.ini (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_8.tmp (631 bytes)
C:\KPToolBar\TempDownLoad\resource\wallpaper\wallpaper_l\328\0\0\create_time\0\1_100\0.xml (22306 bytes)
C:\KPToolBar\TempDownLoad\resource\wallpaper\wallpaper_l\321\0\0\create_time\0\1_100\0.zip__1401890328 (574 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\DW_5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DW_7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_4.tmp (0 bytes)
C:\op_4.tmp (0 bytes)

The process kpTopBar_b_8.exe:1836 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\delete.png (1 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\config.153624[1].xml (266 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\Default.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\set_4.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\ToolGames\bg0.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\ICON_MyDocument.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\local_add.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_SpreadButton.png (1 bytes)
C:\KPToolBar\Update\SkinResource\Update.png (196 bytes)
C:\KPToolBar\Update\SkinResource\BKStep2.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\Tips\bz_2.png (588 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\float.png (1 bytes)
C:\KPToolBar\skinConfig\Default\IeList.ini (527 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\4.png (1372 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Up_.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\21[1].gif (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\set.png (196 bytes)
C:\KPToolBar\skinConfig\Default\DesktopToolBarMsg.ini (432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_SpreadButton.png (1 bytes)
C:\KPToolBar\Update\UDStatictical.dll (1882 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\jian.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\delete.png (1 bytes)
C:\KPToolBar\Update\SkinResource\IsNew.png (196 bytes)
C:\KPToolBar\Update\UpData.dll (2342 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\soso_btn.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\01.png (1176 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\shop.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\set_1.png (1 bytes)
C:\KPToolBar\Update\Skin.ini (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_3.tmp (225 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\lijixiufu.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\Thumbs.db (1568 bytes)
C:\KPToolBar\skinConfig\Default\CWyst_AddPicDlg.ini (196 bytes)
C:\KPToolBar\Update\SkinResource\BKStep1.png (1098 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\option.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\ToolGames\select.png (3 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\input.png (212 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\ck.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\news.png (3 bytes)
C:\KPToolBar\Update\SkinResource\ProgressBar.png (984 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Slider_V.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\line.png (934 bytes)
C:\KPToolBar\skinConfig\DesktopToolBarSettingInfo.ini (450 bytes)
C:\KPToolBar\skinConfig\Default\ui\IeMenu\sougou.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\txt2.png (1 bytes)
C:\KPToolBar\WallPaperIni\WallPaperSytle.xml (234 bytes)
C:\KPToolBar\GameIcon\Nomal\gameicon.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tongji_baidu[1].htm (295 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\soso.png (3 bytes)
C:\KPToolBar\skinConfig\Default\APP.ini (598 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\set.png (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\bg_small.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\ToolGames\slice3.png (2 bytes)
C:\KPToolBar\skinConfig\Default\DesktopToolBarAbout.ini (542 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\delete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
C:\KPToolBar\wdj_connection_wrapper.dll (1949 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\system.png (1 bytes)
C:\KPToolBar\UserBehaviorStatistics.dll (471 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_Cancel.png (3 bytes)
C:\KPToolBar\skinConfig\Default\DesktopToolBarBZ.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\index[1].htm (750 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\search.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\hide\bg2.png (1 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\dan_xuan.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_ChooseBox.png (1 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Load-Fail-.png (2 bytes)
C:\KPToolBar\TongJICNZZ.dll (1333 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Bar.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT (192 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\add.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\IeMenu\bg.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\video.png (196 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\down.png (161 bytes)
C:\KPToolBar\skinConfig\Default\ui\IeMenu\google.png (1 bytes)
%Documents and Settings%\%current user%\Desktop\¿áÆÁ¹¤¾ßÌõ.lnk (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\ToolGames\slice.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_Advance.png (4 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\cancel.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\now-loading.png (1 bytes)
C:\KPToolBar\SystemConfig\setting.ini (547 bytes)
C:\KPToolBar\skinConfig\Default\ui\Tips\bz_1.png (588 bytes)
C:\KPToolBar\skinConfig\Default\ui\ToolGames\slice1.png (2 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\xiezai.png (375 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\lijiuninstall.png (784 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\line2.png (929 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\bg_02.png (1568 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\check.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\wallbase_bg.png (157 bytes)
C:\KPToolBar\Update\SkinResource\FnishSmall.png (2 bytes)
C:\KPToolBar\getnew.exe (1960 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\scroll_bg.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\RadioBox.png (1 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\danxuan.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\note.png (1960 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\bg.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\link.png (784 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\finish2.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_CancelCT.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\seach_bar.png (1 bytes)
C:\KPToolBar\DeskTopPop.exe (1529 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\using.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\play.png (4 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\set.png (1 bytes)
C:\KPToolBar\skinConfig\IsFirst.ini (97 bytes)
C:\KPToolBar\Uninstall\Link.exe (275 bytes)
C:\KPToolBar\skinConfig\DesktopToolBarLocation.ini (27 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_NoPic_AfterCT.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\promt_cancel.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\video.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\search.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\close.png (2 bytes)
C:\KPToolBar\skinConfig\AppUrl.ini (222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\LZMA.dll (68 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\procss_time.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\wait.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\mini.png (196 bytes)
C:\KPToolBar\Update\info.ini (20 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_AddToUL.png (4 bytes)
C:\KPToolBar\skinConfig\Default\DesktopToolBar.ini (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\scroll_bar_img.png (972 bytes)
C:\KPToolBar\skinConfig\Default\DesktopToolAdd.ini (991 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\cancel.png (3 bytes)
C:\KPToolBar\Update\SkinResource\Minimize.png (392 bytes)
C:\KPToolBar\UniversalFunction.dll (4017 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\360_btn.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\ToolGames\bg.png (196 bytes)
C:\KPToolBar\Update\soft.ini (907 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[3].js (1262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[2].js (331 bytes)
C:\KPToolBar\Update\SkinResource\Fnish.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\360.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_NoPic_BeforeCT.png (980 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\ie.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\IeMenu\focus.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\game.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\ToolGames\logo.png (196 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\Uninstall.ini (1 bytes)
C:\KPToolBar\skinConfig\skinconfig.ini (88 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\close.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\sure.png (196 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\advert.png (980 bytes)
C:\KPToolBar\skinConfig\Default\ui\IeMenu\soso.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\ta.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\prompt.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanResult\Img_SelectAll.png (2 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (183 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\mennu_narrow.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\chk.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\scaning.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\soougou_btn.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\goole_logo.png (2 bytes)
C:\KPToolBar\Update\SkinResource\Cancel.png (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\MsgBox_1.ini (729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\btn_known.png (3 bytes)
C:\KPToolBar\Update\SkinResource\Ok.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\Tips\search_tips.png (588 bytes)
C:\KPToolBar\skinConfig\Default\ui\ToolGames\slice2.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\set_focus.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\focus.png (1 bytes)
C:\KPToolBar\unrar.dll (824 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\jindutiao.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Down.png (1 bytes)
C:\KPToolBar\skinConfig\Default\DesktopToolBarSearch.ini (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\add.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\like.png (2 bytes)
C:\KPToolBar\Update\SkinResource\PopupBox.png (392 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\¿áÆÁ¹¤¾ßÌõ\¿áÆÁ¹¤¾ßÌõ.lnk (1 bytes)
C:\KPToolBar\skinConfig\category.xml (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\About\about.png (588 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\¿áÆÁ¹¤¾ßÌõ\жÔØ¿áÆÁ¹¤¾ßÌõ.lnk (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\ToolGames\close.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\hide\show.png (1 bytes)
C:\KPToolBar\Repairer.exe (549 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\img_01.png (157 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\round.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\time.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\txt3.png (1 bytes)
C:\KPToolBar\zlib1.dll (1490 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\close.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\set_2.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\bg_01.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Slider.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\set_bg.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\txt.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\google_btn.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\hide\bg.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\logo.png (588 bytes)
C:\KPToolBar\skinConfig\Default\DesktopToolBarPop.ini (699 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\news.png (196 bytes)
C:\KPToolBar\skinConfig\Default\DeskRelevance.ini (210 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\line.png (944 bytes)
C:\KPToolBar\skinConfig\Default\ui\ToolGames\tip.png (392 bytes)
C:\KPToolBar\kt_Mini.exe (157 bytes)
C:\KPToolBar\skinConfig\Default\DesktopToolBarSetting.ini (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\edit.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\clear.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\bg.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\bg2.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\Thumbs.db (1176 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\play.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\ListBg.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\ICON_Desktop.png (1 bytes)
C:\KPToolBar\skinConfig\Default\tips.ini (450 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (189 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Bar_V.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Down_V.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\radio.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\ICON_Disk.png (1 bytes)
C:\KPToolBar\Uninstall\installedSoftInfo.ini (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanResult\SR_Img_Choice.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\1.png (1176 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\BKGND.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\prompt_sure.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\google.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\3.png (980 bytes)
C:\KPToolBar\skinConfig\Default\ui\Tips\Toolnote3.png (784 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\set_3.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\hide\Thumbs.db (4 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\ie.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\scroll_bar.png (1 bytes)
C:\KPToolBar\Update\SkinResource\Exit.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\select.png (1 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\img.wallba[1].xml (266 bytes)
C:\KPToolBar\Kp_BootClr.exe (1137 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\game.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\ying.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\HideBtn.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\bg.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Bar_H.png (962 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\add_pic.jpg (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\sorry.png (392 bytes)
C:\KPToolBar\skinConfig\Default\ToolGames.ini (912 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\Thumbs.db (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_CloseButton.png (1 bytes)
C:\KPToolBar\softset.ini (1719 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\pic.png (1 bytes)
C:\KPToolBar\Update\SkinResource\CheckUpdate.png (1 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\check-box_focus.png (991 bytes)
C:\KPToolBar\skinConfig\Default\ui\IeMenu\baidu.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Down_H.png (1 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\up.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\TongJICNZZ.dll (1333 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Slider_H.png (982 bytes)
C:\KPToolBar\KPToolBar.exe (4292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig (4 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\like.png (2 bytes)
C:\KPToolBar\skinConfig\DesktopToolBarBZInfo.ini (43 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\shop.png (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[1].js (160 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\2.png (1176 bytes)
C:\KPToolBar\skinConfig\Default\ui\hide\show2.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[4].js (1149 bytes)
C:\KPToolBar\uninstall.exe (2733 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\skinconfig.ini (91 bytes)
C:\KPToolBar\Kpclick.ini (39 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\close.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\set_2.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\About\sure.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\baidu_btn.png (2 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\open.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\using.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\CheckBox.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_CTing.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\baidu_logo.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\jia.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\sougou.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\IeMenu\360.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\close.png (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\default_pic.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Up_V.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\Thumbs.db (784 bytes)
C:\KPToolBar\skinConfig\Default\ui\menu\set_3.png (1 bytes)
C:\KPToolBar\skinConfig\so.xml (2 bytes)
C:\KPToolBar\Update\SkinResource\Point.png (1 bytes)
C:\KPToolBar\ExpandPackCheck.exe (1725 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\download.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\installedSoftInfo.ini (2 bytes)
C:\KPToolBar\skinConfig\Default\ui\MyBZ\Thumbs.db (784 bytes)
C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\check-box.png (540 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\ement.png (3 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\bg.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\AddAPP\mini.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Up_H.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_CTDir.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\Tips\180x130-game.png (784 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\focus.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\time_bar.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\ICON_Folder.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\ICON_RecentLook.png (751 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\dotted.png (967 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\set_1.png (3 bytes)
C:\KPToolBar\version.ini (44 bytes)
C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_Scan.png (196 bytes)
C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\baidu_logo1.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\slected.png (1 bytes)
C:\KPToolBar\skinConfig\Default\ui\kpBZ\seach.png (1 bytes)
C:\KPToolBar\skinConfig\DesktopToolBarSearchInfo.ini (1 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\LZMA.dll (0 bytes)
C:\op_3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\btn_known.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\MsgBox_1.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041720130418\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\cancel.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041720130418 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\installedSoftInfo.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\close.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\bg_small.png (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[3].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\TongJICNZZ.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox (0 bytes)

The process kuping_b_53390.exe:1988 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list-screen.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\bg_focus.png (327 bytes)
C:\kuping4\skinConfig\ĬÈÏ\LocalManagement_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-6.png (210 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list-mause.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\management.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\computer.png (1568 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\aboutme-text.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\DownloadWebDlg\delete.png (960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\h[2].js (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\bg_small.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\image-bg.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\recover.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\update-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\button-skin-add.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\UploadImageLayer.ini (3 bytes)
%Documents and Settings%\%current user%\UserData\KTOR0Z81\config.153624[1].xml (310 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\tick_fcous.png (714 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\cancel-button.png (1 bytes)
C:\kuping4\kpTopBar_b_8.exe (219778 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\min.png (338 bytes)
C:\kuping4\TempDownLoad\UserLive\tempfile\userlive.xml (480 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\notice\sure_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\cursor\right.cur (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\1111.png (199 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\serch-bg.png (161 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\cancel-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\bg_di.png (306 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\RegisterSkin.ini (693 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\close.png (3 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\¿áÆÁ4\¿áÆÁ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\scroll_block.png (95 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\update.png (556 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\blue.png (307 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\explain.png (559 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\add-app-bg_02.png (523 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\DownloadWebDlg\scroll-bg.png (305 bytes)
C:\kuping4\skinConfig\ĬÈÏ\SkinInfo.ini (19 bytes)
C:\kuping4\TempDownLoad\Home\11276.jpg (392 bytes)
C:\kuping4\kuping_v4.exe (5620 bytes)
C:\kuping4\Kp_BootClry.exe (1137 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\left-bck.png (1 bytes)
C:\kuping4\SystemConfig\setting.ini (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\btn_known.png (3 bytes)
C:\kuping4\TempDownLoad\Home\11272.jpg (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\share.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\notice\notice.png (1 bytes)
C:\kuping4\Appsoftconfig\image\clear.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\skin_bg_02.png (791 bytes)
C:\kuping4\UniversalFunction.dll (4840 bytes)
C:\kuping4\Appsoftconfig\image\ielogo.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\login_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\progress\progress_bg.png (283 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\kupingbg-03_01.png (784 bytes)
C:\kuping4\Uninstall\StartMenu.exe (24 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Conventional-set.png (988 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\attention.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list-icon.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\list-pause.png (669 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-3.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\max.png (157 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\App.png (868 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\x.png (943 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\lijixiufu.png (784 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-2.png (1 bytes)
C:\kuping4\TempDownLoad\StartUp\tempfile\StartUp.xml (784 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\scroll_deck.png (175 bytes)
C:\kuping4\MSGBoxSkin\UI\stop_button.png (1 bytes)
C:\kuping4\Appsoftconfig\image\buttoncmd.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\kp4.2flash_01.png (791 bytes)
C:\kuping4\Update\SkinResource\CheckUpdate.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Default-recovery_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\bg_02.png (4 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\center-line.png (128 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\collection.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\bg.png (341 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\theme.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\Uninstall.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IconListEx\cancel.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\album.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\SettingMenuDlgConfig\UpDateMenu_Layer.ini (1 bytes)
C:\kuping4\MSGBoxSkin\MSGBoxSkin.ini (2 bytes)
C:\kuping4\MSGBoxSkin\UI\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list-Screen-saver.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\bg_02.png (1765 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\mainsub.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\progress.png (107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[2].js (427 bytes)
C:\kuping4\skinConfig\ĬÈÏ\MouseNavigation_Layer.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\search.png (681 bytes)
C:\kuping4\KPUpdater.dll (3439 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\smile.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\re-choice.png (371 bytes)
C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\delete.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\help.png (633 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\home.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list_wallpaper.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\mause.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\lefr_bg.png (194 bytes)
C:\kuping4\skinConfig\ĬÈÏ\SettingMenuDlgConfig\ApplicationMenu_Layer.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\cancel.png (3 bytes)
C:\kuping4\QuickenFunctionConfig\Management\status.ini (161 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\mainsub.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\newcreat-bg.png (171 bytes)
C:\kuping4\Update\SkinResource\Minimize.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\Modify-head.png (922 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\progress\iconlist_bg.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\¿áÆÁ4.0flash_02.png (414 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\tick.png (227 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\bg_top.png (984 bytes)
C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\TailorHeadImageLayer.ini (1 bytes)
C:\kuping4\TempDownLoad\Home\11273.jpg (588 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\sure_button.png (1 bytes)
C:\kuping4\KpInstallTheme.exe (1764 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\update-online_botton.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\TongJICNZZ.dll (65 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\newcreat-focus.png (214 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\progress_focus.png (190 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\focus.png (222 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\theme-max.png (1529 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\application\icon_focus.png (483 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\failRefresh.png (382 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\about\logo_s.png (970 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\add.png (392 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (205 bytes)
C:\kuping4\skinConfig\ĬÈÏ\MenuSetConfig.ini (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\LZMA.dll (68 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\list-bg.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\MainSkin.ini (697 bytes)
C:\kuping4\Universal\Soft\softset.ini (78 bytes)
C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\tag.ini (205 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\kupingbg-03_02.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Personal-center.png (196 bytes)
C:\kuping4\MSGBoxSkin\UI\retry_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\cursor\left.cur (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\tag-line.png (108 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\notMulti.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\help_icon.png (730 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\error.png (544 bytes)
C:\kuping4\Universal\skinConfig.rar (980 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\silder.png (363 bytes)
C:\kuping4\VersionConfig.xml (1060 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\notcheak.png (391 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\bg.png (1372 bytes)
C:\kuping4\getnew.exe (1960 bytes)
C:\kuping4\SpecialSubject.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\progress\cancel.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\down.png (178 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\SkinCenter.ini (1 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)
C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\MainSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\loading.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\jindutiao.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\installedSoftInfo.ini (1952 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\line.png (109 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\reg-btn.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\focus-bg.png (107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\op_2.tmp (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\notchoose.png (879 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\aboutme.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\progress\progress_bg1.png (258 bytes)
C:\kuping4\TempDownLoad\UserLive\version.ini (29 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\application\scroll_thumb.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\install-button.png (1 bytes)
C:\kuping4\QuickenFunctionConfig\Management\ManagementCommerce.xml (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\white.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\skin_bg_03.png (421 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\delete.png (1 bytes)
C:\kuping4\info.ini (16 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\login_bg.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\log-bckhead.png (4 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\tui-chu.png (232 bytes)
C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\application.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\close.png (2 bytes)
C:\kuping4\Appsoftconfig\image\buttonclear.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\delete.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\AppDlgConfig\MainDlgSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\loading.png (2 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\advert.png (980 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\bg_top.png (984 bytes)
C:\kuping4\skinConfig\ĬÈÏ\NoticeDlgSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\line_w.png (91 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\pro.png (338 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\SkinCenterDownload.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\notMulti.png (912 bytes)
C:\kuping4\skinConfig\ĬÈÏ\IconsFolderNavigation_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\loading.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\myBaoku.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\load.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\install_icon.png (971 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\cover.png (109 bytes)
C:\kuping4\TempDownLoad\TagInfo\list_win7.xml (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\title-bg.png (2 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\bg.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\set.png (522 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\bg_nf.png (588 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\download.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\cut_button-ato.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\kankan.png (1921 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\skin.png (629 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\green.png (324 bytes)
C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\bg_01.png (708 bytes)
C:\kuping4\MSGBoxSkin\UI\success.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\choose.png (883 bytes)
C:\kuping4\skinConfig\ĬÈÏ\Login_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\new-bg.png (274 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-5.png (214 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\news.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\upload_button.png (588 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\progress\progress_bg2.png (182 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\sure_button.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig (4 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\bg.png (784 bytes)
C:\kuping4\TempDownLoad\Home\11279.jpg (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\meihua.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\scroll_thumb.png (744 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\page.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\about\sure_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\application\scroll_block.png (763 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\DownloadWebDlg\notice-bg.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\silent_download.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateDownloadPage.ini (592 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\bg1.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\loading2.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\city-about.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\menu_move.png (440 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\Label-input-box.png (258 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\open.png (784 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\uphead.png (1 bytes)
C:\kuping4\QuickenFunctionConfig\home\HomeConfig.xml (1 bytes)
C:\kuping4\TempDownLoad\Home\Homeversion.ini (31 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\yellow.png (298 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\log-bck.png (543 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\danxuan.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\focus.png (142 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\seach-btn.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\FeedbackDlgConfig\MainFeedbackDlg.ini (879 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\mail.png (263 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\Screen-saver.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\tag_focus.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\WebContro.ini (529 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\logo.png (970 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\function.png (392 bytes)
C:\kuping4\softset.ini (2123 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\install_icon.png (971 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\focus.png (199 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\drop-down.png (338 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\add-app-bg_01.png (974 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\sina_logo.png (638 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\app.png (987 bytes)
C:\kuping4\TempDownLoad\TagInfo\TagVersion.ini (29 bytes)
C:\kuping4\skinConfig\ĬÈÏ\MainSkin.ini (3 bytes)
C:\kuping4\Uninstall\skinConfig_un\skinconfig.ini (85 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\album.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\My-collection.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[1].js (176 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\begin.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\title-Modify-head.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\gray.png (313 bytes)
C:\kuping4\QuickenFunctionConfig\deskIco\status.ini (16 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (212 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\img_01.png (588 bytes)
C:\kuping4\Appsoftconfig\image\play.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\application\iconlist_bg.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\head120.png (1372 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\silder-fill.png (343 bytes)
C:\kuping4\Update\soft.ini (908 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\DownloadWebDlg\set-cancel.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index[1].htm (750 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\logo.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IconListEx\icon_focus.png (510 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\MsgBox_1.ini (729 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\bg.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\tailorBg.jpg (1764 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\cheak.png (564 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\logo.png (970 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\update.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\orange.png (327 bytes)
C:\kuping4\skinConfig\skinversion.ini (29 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\shuyeer.png (196 bytes)
C:\kuping4\Appsoftconfig\image\buttoncoculation.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ScreenSaverNavigation_Layer.ini (196 bytes)
C:\kuping4\Appsoftconfig\image\soft.xml (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\set_icon.png (782 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\upon.png (288 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateNetError.ini (633 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\bg_wf.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\popmenu.png (678 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\check-box_focus.png (991 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\My-share.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\focus-l.png (222 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\about\about.png (1176 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\m.png (3 bytes)
C:\kuping4\MSGBoxSkin\UI\warning.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\¡Ì.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\page2.png (106 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\sure.png (634 bytes)
C:\kuping4\UserBehaviorStatistics.dll (471 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list_theme.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\logo.png (584 bytes)
C:\kuping4\kp4_Mini.exe (157 bytes)
C:\kuping4\skinConfig\ĬÈÏ\AllApplication_Layer.ini (1 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\input.png (212 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\Label-input-box1.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\continue.png (382 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\delete.png (486 bytes)
C:\kuping4\uninstall.exe (2145 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IconListEx\add-m.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\recover.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\SepLine.png (99 bytes)
C:\kuping4\TempDownLoad\Home\11275.jpg_0 (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\skin_bg_01.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\updown.png (280 bytes)
C:\kuping4\skinConfig\ĬÈÏ\HomePageShow_Layer.ini (3 bytes)
C:\kuping4\Appsoftconfig\APPversion.ini (59 bytes)
C:\kuping4\MSGBoxSkin\UI\faild.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\refresh.png (1 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\seach.png (1 bytes)
C:\kuping4\Update\SkinResource\Exit.png (1 bytes)
C:\kuping4\Appsoftconfig\image\buttonplay.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateCheckPage.ini (261 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\loading2.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateInfoPage.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\MyBaoku.ini (3 bytes)
C:\kuping4\DeskTopPop.exe (1529 bytes)
C:\kuping4\Appsoftconfig\image\sou.png (196 bytes)
C:\kuping4\Update\SkinResource\IsNew.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\Boot-screen.png (196 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\close.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\DownloadWebDlg\scroll.png (410 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\mennu-bg.png (363 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\blue.png (90 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\min.png (338 bytes)
C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\cancel.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\collection.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\set.png (234 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\nextpage.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\BootScreenNavigation_Layer.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\brown.png (286 bytes)
C:\kuping4\Update\SkinResource\BKStep1.png (902 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\icon.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\SettingMenuDlgConfig\MainMenuDlgSkin.ini (2 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\¿áÆÁ4\жÔØ¿áÆÁ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\progress\progress.png (179 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\save.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\SystemThemeNavigation_Layer.ini (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\pink.png (290 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\wallpaper.png (196 bytes)
C:\kuping4\MSGBoxSkin\UI\error.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\doc_plus_icon&16.png (264 bytes)
C:\kuping4\unrar.dll (824 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\down.png (161 bytes)
C:\kuping4\Update\SkinResource\ProgressBar.png (984 bytes)
C:\kuping4\QuickenFunctionConfig\deskIco\DeskIconConfig.xml (8 bytes)
C:\kuping4\KPMsgBoxDll.dll (2694 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\feedback_icon.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Silence-set_button.png (1 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\finish2.png (588 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\small.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\focus-2.png (200 bytes)
C:\kuping4\TempDownLoad\Home\11274.jpg (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\delete-button.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\WebPage.ini (594 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\list-bg.png (96 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\mouse.png (549 bytes)
C:\kuping4\skinConfig\skinconfig.ini (84 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Download-set.png (966 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Multi.png (998 bytes)
C:\kuping4\login.dll (2185 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\right_bg.png (194 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Application-Settings.png (953 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-share\bg.png (196 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\¿áÆÁ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\line_h.png (92 bytes)
C:\kuping4\skinConfig\ĬÈÏ\WebContrl_Layer.ini (775 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ImageLookDlgConfig\MainSkin.ini (129 bytes)
C:\kuping4\TongJICNZZ.dll (1333 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\application.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\scroll_down.png (982 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\black.png (316 bytes)
%Documents and Settings%\%current user%\Desktop\¿áÆÁ4.lnk (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\start.png (941 bytes)
C:\kuping4\dgmon.dll (471 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\Input-box.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\view-bg.png (509 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\fail.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\lijiuninstall.png (784 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Screening-bg2.png (102 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\Alert.png (1 bytes)
C:\kuping4\Appsoftconfig\image\Iebuttonlogo.png (196 bytes)
C:\kuping4\TempDownLoad\Home\home.xml (1764 bytes)
C:\kuping4\livability.dll (510 bytes)
C:\kuping4\Update\SkinResource\Fnish.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\fail.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\WebContro.ini (617 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\show.png (413 bytes)
C:\kuping4\Kp_BootClr.exe (1137 bytes)
C:\kuping4\Repairer.exe (549 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\re.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateNormal.ini (641 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\backpage.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\white.png (283 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\set_1.png (522 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\kupingbg-03_03.png (980 bytes)
C:\kuping4\Appsoftconfig\image\cmd.png (196 bytes)
C:\kuping4\Update\SkinResource\Point.png (1 bytes)
C:\kuping4\BootStart.dll (157 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\cancel.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\add-app-bg_03.png (412 bytes)
C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\logo.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\about\delete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\h[1].js (5 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\notice\Alert.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\App-manager.png (654 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\display_shadow.png (115 bytes)
C:\kuping4\Universal\UniversalCpaSkin.rar (1098 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\app-button.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\content.png (416 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\delete.png (486 bytes)
C:\kuping4\MSGBoxSkin\UI\infomation.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\mennu-bg2.png (1 bytes)
C:\kuping4\Appsoftconfig\image\coculation.png (196 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\img.wallba[1].xml (310 bytes)
C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\cut_button-hand.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\headbg.png (556 bytes)
C:\kuping4\skinConfig\ĬÈÏ\DownloadWebImageDlg\MainSkin.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\My-resources.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\about.png (606 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\dan_xuan.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\bg_vein.png (268 bytes)
C:\kuping4\Appsoftconfig\button.xml (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\LocTween_Layer.ini (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\login-btn.png (2 bytes)
C:\kuping4\Update\SkinResource\Cancel.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateNoticeDlg.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\scroll_thumb.png (842 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT (96 bytes)
C:\kuping4\skinConfig\ĬÈÏ\SeverTween_Layer.ini (1 bytes)
C:\kuping4\Update\SkinResource\BKStep2.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\screen.png (314 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\tip.png (591 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\set.png (549 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\notchoose.png (879 bytes)
C:\kuping4\version.ini (44 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\red.png (318 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\scroll_up.png (927 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\head60.png (392 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\up.png (160 bytes)
C:\kuping4\SystemConfig\LocWallpaleXml.xml (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Software-update.png (998 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\loading.png (3 bytes)
C:\kuping4\Update\UpData.dll (2342 bytes)
C:\kuping4\Update\SkinResource\Update.png (196 bytes)
C:\kuping4\QuickenFunctionConfig\Setup\CpaConfig.xml (8 bytes)
C:\kuping4\skinConfig\ĬÈÏ\newUi\local.png (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\scroll_block.png (763 bytes)
C:\kuping4\IndividualCenter.dll (5389 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\list-bg2.png (2 bytes)
C:\kuping4\SkinCenter.dll (3635 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\myDownLoad.png (392 bytes)
C:\kuping4\Kpclick.ini (107 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ResourceNavigation_Layer.ini (974 bytes)
C:\kuping4\MSGBoxSkin\UI\yes_button.png (1 bytes)
C:\kuping4\Appsoftconfig\softtempfile\soft.xml (196 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IconListEx\iconlist_bg.png (314 bytes)
C:\kuping4\Appsoftconfig\image\buttonsou.png (196 bytes)
C:\kuping4\skinConfig\SkinSetting.xml (1 bytes)
C:\kuping4\MSGBoxSkin\UI\question.png (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\bkimg.png (429 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Directory-box_bg.png (397 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-4.png (287 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\submit.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\check-box.png (540 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\flowerpot.png (3 bytes)
C:\kuping4\Update\info.ini (18 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\doc_empty_icon&16.png (293 bytes)
C:\kuping4\Update\UDStatictical.dll (1882 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\choose.png (883 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-1.png (794 bytes)
C:\kuping4\TempDownLoad\TagInfo\list_xp.xml (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\finish-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\SettingMenuDlgConfig\ConventionalMenu_Layer.ini (1 bytes)
C:\kuping4\KPConfig.inf (3 bytes)
C:\kuping4\Uninstall\installedSoftInfo.ini (984 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\kupingbg-02.png (588 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\share.png (472 bytes)
C:\kuping4\TempDownLoad\Home\11277.jpg (196 bytes)
C:\kuping4\SystemConfig\LocThemeXml.xml (416 bytes)
C:\kuping4\ThemeInstall.dll (863 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\Screening-bg.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\caption-bg.png (417 bytes)
C:\kuping4\MSGBoxSkin\UI\bg_top.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\cheakskin\MainSkin.ini (1 bytes)
C:\kuping4\MSGBoxSkin\UI\cancel-button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\refresh.png (726 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\suspend.png (504 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\tempfile.tmp (184 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\apple.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\DesktopWallpaperNavigation_Layer.ini (196 bytes)
C:\kuping4\Update\SkinResource\PopupBox.png (392 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\tag.png (195 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\kankan.png (1725 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\delete.png (486 bytes)
C:\kuping4\skinConfig\ĬÈÏ\NoLogin_Layer.ini (941 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\use.png (196 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\bg_01.png (392 bytes)
C:\kuping4\TempDownLoad\SearchBuff.ini (23 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\tag-bg.png (350 bytes)
C:\kuping4\MSGBoxSkin\UI\no_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\color\purple.png (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tongji_baidu[1].htm (295 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\list\progress_frame.png (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\login\ui\failure.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\SettingMenuDlgConfig\DownLoadMenu_Layer.ini (3 bytes)
C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\min.png (338 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\xiezai.png (375 bytes)
C:\kuping4\TempDownLoad\Home\11278.jpg (588 bytes)
C:\kuping4\Update\SkinResource\Ok.png (196 bytes)
C:\kuping4\Update\SkinResource\FnishSmall.png (2 bytes)
C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\mennu_narrow.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\progress\icon_focus.png (317 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\skin.png (629 bytes)
C:\kuping4\Update\Skin.ini (2 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\jindutiao1.png (99 bytes)
C:\kuping4\ExpandPackCheck.exe (1725 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\add-app-bg.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\icon.png (1764 bytes)
C:\kuping4\MSGBoxSkin\UI\ok_button.png (1 bytes)
C:\kuping4\skinConfig\ĬÈÏ\ui\focus3.png (357 bytes)
C:\kuping4\skinConfig\ĬÈÏ\AboutDlgConfig\MainDlg.ini (1 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\op_2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\LZMA.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\btn_known.png (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\bg_small.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\cancel.png (0 bytes)
C:\op_2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ (0 bytes)
C:\kuping4\kpTopBar_b_8.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\MsgBox_1.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\h[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[2].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\close.png (0 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\config.153624[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\TongJICNZZ.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[4].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\installedSoftInfo.ini (0 bytes)

Registry activity

The process kp4_Mini.exe:1488 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 A8 DC 53 E4 AD 7A 6B 7B 61 3D DD CC 1F 6B 80"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
"DWFileTreeRoot"

The process %original file name%.exe:820 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 72 79 3C E9 C8 E2 0C 75 B6 28 35 A6 39 92 53"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process dwwin.exe:2040 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "06 54 CF 79 30 DA 96 E9 E8 F2 F0 94 72 04 C7 CD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process dwwin.exe:1728 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 1C D9 14 25 56 E6 A7 29 FC F4 CA A1 23 44 42"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1A 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process kuping_v4.exe:1068 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\kpscrfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKCR\kplguifile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCR\kpthemefile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 19 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Kuping]
"InstallPath" = "c:\kuping4\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\kpiconfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,4"

[HKCR\kpthemefile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,1"

[HKCR\kpscrfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\.kprar]
"(Default)" = "kprarfile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\kpscrfile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\kpcurfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKCR\kprarfile]
"(Default)" = "¿áÆÁÖ÷Ìâ×ÊÔ´Îļþ"

[HKCR\kpthemefile\Shell]
"(Default)" = "Open"

[HKCU\Software\Kuping]
"ExcutePath" = "c:\kuping4\kuping_v4.exe"

[HKCR\kpiconfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKCR\.kpscr]
"(Default)" = "kpscrfile"

[HKCR\kprarfile\Shell]
"(Default)" = "Open"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCR\kpcurfile]
"(Default)" = "¿áÆÁÊó±êÖ¸Õë×ÊÔ´Îļþ"

[HKCR\kprarfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\kpscrfile]
"(Default)" = "¿áÆÁÆÁ±£×ÊÔ´Îļþ"

[HKCR\kpcurfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,3"

[HKCR\kplguifile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCR\kpcurfile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\.kpicon]
"(Default)" = "kpiconfile"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 0B 52 B9 B1 D4 21 19 91 9E C3 43 9E 62 E2 54"

[HKCR\kprarfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Kuping]
"Command" = "install"

[HKCR\.kpcur]
"(Default)" = "kpcurfile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\kpiconfile\Shell]
"(Default)" = "Open"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\kplguifile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCR\.kptheme]
"(Default)" = "kpthemefile"

[HKCR\.kplgui]
"(Default)" = "kplguifile"

[HKCR\kpiconfile]
"(Default)" = "¿áÆÁͼ±ê×ÊÔ´Îļþ"

[HKCR\kpthemefile]
"(Default)" = "¿áÆÁÖ÷Ìâ×ÊÔ´Îļþ"

[HKCR\kplguifile]
"(Default)" = "¿áÆÁµÇ¼½çÃæ×ÊÔ´Îļþ"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process kt_Mini.exe:344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 67 E8 70 5F 1A 11 11 6D 7C F4 81 E5 A3 61 28"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
"DWFileTreeRoot"

The process getnew.exe:1076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 71 4C 9F 35 0C DC BC F5 92 E3 06 AE 1B 16 FF"

The process getnew.exe:1088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 29 42 61 78 A8 FB E7 47 07 7D C5 CD E0 B7 8F"

The process KPToolBar.exe:1664 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D8 5B 5A C4 86 B9 86 30 CF 0D FF CC 73 56 88 13"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM]
"KpDesktopToolBar" = "c:\KPToolBar\KPToolBar.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process kpTopBar_b_8.exe:1836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\.kplgui]
"(Default)" = "kplguifile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\kpscrfile\Shell\Open\Command]
"(Default)" = "c:\KPToolBar\KpInstallTheme.exe %1"

[HKCR\kpiconfile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KPToolBar]
"URLInfoAbout" = "http://www.wallba.com/"

[HKCR\kpcurfile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCR\kprarfile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KPToolBar]
"DisplayName" = "¿áÆÁ¹¤¾ßÌõ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060420140605]
"CacheOptions" = "11"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\kpiconfile\DefaultIcon]
"(Default)" = "c:\KPToolBar\KPToolBar.exe,4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\kpscrfile\DefaultIcon]
"(Default)" = "c:\KPToolBar\KPToolBar.exe,6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\.kpscr]
"(Default)" = "kpscrfile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCR\.kptheme]
"(Default)" = "kpthemefile"

[HKCR\kpcurfile\Shell\Open\Command]
"(Default)" = "c:\KPToolBar\KpInstallTheme.exe %1"

[HKCR\.kprar]
"(Default)" = "kprarfile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KPToolBar]
"DisplayIcon" = "c:\KPToolBar\KPToolBar.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\kpscrfile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KPToolBar]
"UninstallString" = "c:\KPToolBar\uninstall.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCR\kplguifile\DefaultIcon]
"(Default)" = "c:\KPToolBar\KPToolBar.exe,5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\.kpicon]
"(Default)" = "kpiconfile"

[HKCR\kprarfile]
"(Default)" = "Ö÷Ìâ×ÊÔ´Îļþ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060420140605]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014060420140605\"

[HKCR\kpthemefile\Shell]
"(Default)" = "Open"

[HKCR\kpiconfile\Shell\Open\Command]
"(Default)" = "c:\KPToolBar\KpInstallTheme.exe %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060420140605]
"CachePrefix" = ":2014060420140605:"

[HKCR\kpthemefile\DefaultIcon]
"(Default)" = "c:\KPToolBar\KPToolBar.exe,1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KPToolBar]
"DisplayVersion" = "1.0.1.8"

[HKCR\kpcurfile\DefaultIcon]
"(Default)" = "c:\KPToolBar\KPToolBar.exe,3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\kpcurfile]
"(Default)" = "Êó±êÖ¸Õë×ÊÔ´Îļþ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\kpscrfile]
"(Default)" = "ÆÁ±£×ÊÔ´Îļþ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KPToolBar]
"Publisher" = "»°Óï¿Æ¼¼"

[HKCR\kprarfile\DefaultIcon]
"(Default)" = "c:\KPToolBar\KPToolBar.exe,2"

[HKCR\kplguifile\Shell\Open\Command]
"(Default)" = "c:\KPToolBar\KpInstallTheme.exe %1"

[HKCR\kpthemefile\Shell\Open\Command]
"(Default)" = "c:\KPToolBar\KpInstallTheme.exe %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060420140605]
"CacheLimit" = "8192"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FB 4C A2 3F AE AD DE EF F6 96 0C 39 E3 CA 27 91"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060420140605]
"CacheRepair" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCR\.kpcur]
"(Default)" = "kpcurfile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\kplguifile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\kprarfile\Shell\Open\Command]
"(Default)" = "c:\KPToolBar\KpInstallTheme.exe %1"

[HKCR\kpiconfile]
"(Default)" = "ͼ±ê×ÊÔ´Îļþ"

[HKCR\kpthemefile]
"(Default)" = "Ö÷Ìâ×ÊÔ´Îļþ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\kplguifile]
"(Default)" = "µÇ¼½çÃæ×ÊÔ´Îļþ"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KPToolBar" = "c:\KPToolBar\Kp_BootClr.exe"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013041720130418]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process kuping_b_53390.exe:1988 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\.kplgui]
"(Default)" = "kplguifile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\kpscrfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"DisplayName" = "¿áÆÁ4"

[HKCR\kpcurfile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 18 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\kpiconfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\kpscrfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\.kpscr]
"(Default)" = "kpscrfile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCR\.kptheme]
"(Default)" = "kpthemefile"

[HKCR\kpcurfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKCR\.kprar]
"(Default)" = "kprarfile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\kpscrfile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCR\kplguifile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"URLInfoAbout" = "http://www.wallba.com/"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"Publisher" = "»°Óï¿Æ¼¼"

[HKCR\.kpicon]
"(Default)" = "kpiconfile"

[HKCR\kprarfile]
"(Default)" = "Ö÷Ìâ×ÊÔ´Îļþ"

[HKCR\kpthemefile\Shell]
"(Default)" = "Open"

[HKCR\kpiconfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKCR\kpthemefile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,1"

[HKCR\kprarfile\Shell]
"(Default)" = "Open"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\kpcurfile]
"(Default)" = "Êó±êÖ¸Õë×ÊÔ´Îļþ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\kpscrfile]
"(Default)" = "ÆÁ±£×ÊÔ´Îļþ"

[HKCR\kpcurfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,3"

[HKCR\kplguifile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKCR\kpthemefile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"DisplayVersion" = "4.3.1.1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE FE 22 B2 AE F7 80 95 9E 17 CA 5E 61 36 9E 64"

[HKCR\kprarfile\DefaultIcon]
"(Default)" = "c:\kuping4\kuping_v4.exe,2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"UninstallString" = "c:\kuping4\uninstall.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\.kpcur]
"(Default)" = "kpcurfile"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\kpiconfile\Shell]
"(Default)" = "Open"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\kplguifile\Shell]
"(Default)" = "Open"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KP4]
"DisplayIcon" = "c:\kuping4\kuping_v4.exe"

[HKCR\kprarfile\Shell\Open\Command]
"(Default)" = "c:\kuping4\KpInstallTheme.exe %1"

[HKCR\kpiconfile]
"(Default)" = "ͼ±ê×ÊÔ´Îļþ"

[HKCR\kpthemefile]
"(Default)" = "Ö÷Ìâ×ÊÔ´Îļþ"

[HKCR\kplguifile]
"(Default)" = "µÇ¼½çÃæ×ÊÔ´Îļþ"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kuping4" = "c:\kuping4\Kp_BootClr.exe"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
d0f2416807f04c559e6394a0a4c7f1d1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\KP_1\LZMA.dll
24d0a833b36d81d8e87a4457df9cb1e5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\KP_1\skinconfig\TongJICNZZ.dll
2ce5a8ecc1a5953a1c68e67a63d17ab0 c:\Program Files\kuping_b_53390.exe
5b35e2dcdd2ef51b43b0cb0c95dd99f8 c:\kuping4\BootStart.dll
da26a931164cffbbe06f8f326fd07a2d c:\kuping4\DeskTopPop.exe
a1fe4789a9493bc057cf778076af9209 c:\kuping4\ExpandPackCheck.exe
d1bf9c97acd160d940f355601db79064 c:\kuping4\IndividualCenter.dll
08c4dd9d73cda35e2bf5aedf8d3650e3 c:\kuping4\KPMsgBoxDll.dll
274366c07438df3cbcacd870516f4058 c:\kuping4\KPUpdater.dll
af9e78dbed7743d930541ebae9f0a600 c:\kuping4\KpInstallTheme.exe
963848f652d186f1446d37137ad6af70 c:\kuping4\Kp_BootClr.exe
af9aff9994581814fc42f01035e1a39f c:\kuping4\Kp_BootClry.exe
e50a07998f4f25d2bdd4956fe43f020a c:\kuping4\Repairer.exe
ee5e62e9c27b80a0ae5e5a6aa8dab85c c:\kuping4\SkinCenter.dll
74cb56f1bf76aa6aaae399b9bcbd59b9 c:\kuping4\ThemeInstall.dll
6d87a9fbdef81c2684711d68af1c6bbb c:\kuping4\TongJICNZZ.dll
e8af0046f405043d4346ce592cb27b28 c:\kuping4\Uninstall\StartMenu.exe
93369bfd94be0a65a112a298f22f479a c:\kuping4\UniversalFunction.dll
9623db0c6e12beb2a4f0f1eabfdeef84 c:\kuping4\Update\UDStatictical.dll
9096c71932f4b2ed18c698c8931f948b c:\kuping4\Update\UpData.dll
6ba47762b664fb4bd16568ccbe73f758 c:\kuping4\UserBehaviorStatistics.dll
a60bb93f45853fbec835e7e46ee6eb36 c:\kuping4\dgmon.dll
1ece936c359ff817fa6f0b46409acbfb c:\kuping4\getnew.exe
328d74becb2fb3c45ad4a66a0a8bf078 c:\kuping4\kp4_Mini.exe
b1d9f16d5154c0dcfa4762363db48792 c:\kuping4\kpTopBar_b_8.exe
c5585b066357267e6f0f160f22581337 c:\kuping4\kuping_v4.exe
14f417bbf38dffd22bbbfe49f625f1ca c:\kuping4\livability.dll
81eb86203f16a41d444154872a48015b c:\kuping4\login.dll
b592ae54151426ecb398f1948ae45162 c:\kuping4\uninstall.exe
f4afe818a97808e389bb579bb3521a39 c:\kuping4\unrar.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
UPX0 4096 430080 0 0 d41d8cd98f00b204e9800998ecf8427e
UPX1 434176 339968 338944 5.47203 978d1656cdc8bd3ebe307efaa9932b8f
.rsrc 774144 32768 30720 3.3286 14d2b030b36e6b403314b58937aaf593

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 2
88a9b3e31998982eea246b762564c443
37bd3e78933db6863bf17a82eba47c5c

URLs

URL IP
hxxp://d.union.kuping.cc/download.php/kuping_b_53390.exe 222.186.60.27
hxxp://youqian.baidu.com/download/bdBrowserSetup-5810-ftn_1000039714.exe 115.239.211.50
hxxp://tj.153624.com/report/ 101.251.196.27
hxxp://d.union.kuping.cc/Public/conf/c-lock/1/1_4_3_2_2/53390.xml 222.186.60.27
hxxp://xnop014.tlgslb.com/Public/Upload/Soft/kptoolbar_b_8.exe
hxxp://d.union.kuping.cc/Public/conf/c-lock/1/9_1_0_1_8/8.xml 222.186.60.27
hxxp://d.union.kuping.cc/Public/tongji_baidu.html?ip=&mac=00-0C-29-7C-CD-1F&area=&channel_id=8&install_way=1&soft_id=9&start_way=0&type=install&version=1.0.1.8 222.186.60.27
hxxp://wallba.com.m.01cdn.com/Public/Configs/dudu_cnzz/index.html?id=8&class=silence
hxxp://config.153624.com/Public/conf/c-lock/1/1_4_3_2_2/53390.xml 222.186.60.27
hxxp://config.153624.com/Public/tongji_baidu.html?ip=&mac=00-0C-29-7C-CD-1F&area=&channel_id=8&install_way=1&soft_id=9&start_way=0&type=install&version=1.0.1.8 222.186.60.27
hxxp://img.kuping.cc/Public/Upload/Soft/kptoolbar_b_8.exe 115.238.152.235
hxxp://img.wallba.com/Public/Configs/dudu_cnzz/index.html?id=8&class=silence 222.186.60.7
hxxp://config.153624.com/Public/conf/c-lock/1/9_1_0_1_8/8.xml 222.186.60.27


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Unsupported/Fake Windows NT Version 5.0
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

GET /Public/conf/c-lock/1/1_4_3_2_2/53390.xml HTTP/1.1
Host: config.153624.com
Connection: keep-alive 
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8 
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Encoding: deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Jun 2014 18:48:25 GMT
Content-Type: text/xml
Content-Length: 1832
Last-Modified: Sun, 01 Jun 2014 07:25:48 GMT
Connection: keep-alive
ETag: "538ad57c-728"
Accept-Ranges: bytes
.h....N..KN ...M..n7.#...!..t[......7....Zh.....].W._..C.S."..V|..#..o
....R.R:..R...17.[..F..*>......JK...n7.#....)..vW....B....|.p....1J
..S"....].a..:7j[........R.R:..qE.0.J.|.....|.n.0 .%b.......H..~.{....
/......:^.K?.e.........`).r...c.....n4[9!V~....~...X{|y....W?.Cqr.Z...
.......p ..&S!.GB^W=...W...3.z....9:..p..m..Q'G...fBQNgY". ..F...."..v
.i....p. ..C|...|../1.k9..^......5n<.r...zh......0.9...J.y........e
. M.N.....c.....|F.V.f......F...."..v.i....p. ..C|...|../1.k9..^..X.b.
#.......gM.#.....Id...y.&...=...W.....A..(^...P5.:..5..(.<...l.q...
..i....Z...e.p.d...F.d.......{Wa..e.b.2....>.k.hA.Q..0..I.S.K.|...R
E...@...]......U..L.Jv:..n...gU.......^z..Z..... ..m...=...j.....9..0L
=...W...\..N..<.?.. ..o..-. ...[..n7.#......9B........U.r.Zn ...Z0.
Q68....lL(/qS.&..?OY..q....[..].....)....q*.uf ...:....`_..9Q./..C.E.~
....xE.l...L|w......e. .B|.....}..n.&.iz.v....Hv*y..O...k......i...2z.
.=.,"....o..=-........."...Y..A}...$.v.[...F...."..v.i....p. ..C|...|.
./1..<)..z/{N.....j............G..(........F/.l6t?t...C.[.../..E..i
..,...i."0...m{0......b0..Z..76.~.......B...B.5$...%{..>2.I..#.y...
..e. =g......i.......M.oX....i...2z..=.,".......#=.f..J........n7.#..s
...../I...F..j..I...[r(:..TasM.....a.......M....G.:^.3.h_...a9.(.. ...
.0!.V2.#.........M.|&..#?..W?.Cqr...h ..8.......x=...W...!s.......S.bq
...w..2.9.l.o.a......n7.#...0.....M$Z.U...*[email protected].!...#..P ...HA...
l..s&.B.......<...T.".b......=...W.......4......2.u...D.NV'x[..&h..
.(6....Hh[e..%...(..py.E..q0.......3=..n_l..W?.Cqr.H....:[email protected].
<<< skipped >>>


GET /download/bdBrowserSetup-5810-ftn_1000039714.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: youqian.baidu.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 04 Jun 2014 18:51:29 GMT
Content-Type: application/octet-stream
Content-Length: 34977744
Last-Modified: Thu, 10 Apr 2014 12:37:04 GMT
Connection: keep-alive
ETag: "53469070-215b7d0"
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........V...7...7..
.7....I..7...OT..7...OD..7...7...6....}.:7....|..7....M..7....J..7..Ri
ch.7..........................PE..L......R......................0..N..
[email protected]....@...............
................... 8......pQ.............x...X.....8..R..............
[email protected](8.<..........................
..text...G........................... ..`.rdata.......................
.......@[email protected][email protected]...,[email protected]%... 8..&.
[email protected]... ...P8..........................rsrc....
....pQ.....................@[email protected]...}...0W..~..................@..
B.....................................................................
......................................................................
......................................................................
......................................................a.........%...'.
........M...................9..........h...................*...f......
...,....g.....(......... ....k....(...9...................UR...p....{.
.............l.............................n....yd........_....J......
........[P...f....a....l.....&........-T.......................$..... 
........uI...p....k....6G...!....lI........................?...~;.....
....N........z....u..............f....A.....t........2.....%....M...C.
...^e...Y....D...............Q...P.....M....J.............G.......
<<< skipped >>>


GET /download.php/kuping_b_53390.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: d.union.kuping.cc
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Jun 2014 18:47:56 GMT
Content-Type: application/octet-stream
Content-Length: 5072400
Last-Modified: Mon, 12 May 2014 02:03:05 GMT
Connection: keep-alive
ETag: "53702bd9-4d6610"
Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........d[TJ.5.J.5.
J.5.1.9.N.5..'>.I.5..&,[email protected].(.&.\.5...;.N.5.%.>.
I.5.%.?.A.5.%.1.N.5.|#>.M.5.|#1.I.5.J.4.H.5...>.h.5...3.K.5.Rich
J.5.........PE..L.....TS..................... ....................@...
..............................B1N.....................................
....,.......P3...........KM.x.........................................
...................................................text...............
................ ..`.rdata..,i.......p..................@[email protected]
... ...p... [email protected].......@..................@..@
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


POST /report/ HTTP/1.1
Host: tj.153624.com
Connection: keep-alive 
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8 
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Content-Type: application/x-www-form-urlencoded
Content-Length:263

data=ZjMVYVZwiAK6CCJeRTMd8GRRFDSozsFpDsZHXBEWpFKtjpuIzyFbYehMP3YkgF+Py4XdGkccJqpP6XUfeSGnx6LgpwTcjAFeYsc0Ox/+rd+EYKlhxcfcMyOsKfBrkQYVlPMzUsBlUZ7N7wZcYCq2krolWnI/QhbjfD+X6tPUtaj7d1+VorceohIfyrs3Ph9PIbfbD9HqgjQ=&sgin=e65f785c8f319050b2dd3c9b3c32035a
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Jun 2014 18:50:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
2..ok..0..



GET /Public/tongji_baidu.html?ip=&mac=00-0C-29-7C-CD-1F&area=&channel_id=8&install_way=1&soft_id=9&start_way=0&type=install&version=1.0.1.8 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: config.153624.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 Jun 2014 18:48:53 GMT
Content-Type: text/html
Content-Length: 295
Last-Modified: Tue, 15 Apr 2014 02:37:16 GMT
Connection: keep-alive
ETag: "534c9b5c-127"
Accept-Ranges: bytes
<script type="text/javascript">..var _bdhmProtocol = (("https:" 
== document.location.protocol) ? " hXXps://" : " hXXp://");..document.
write(unescape("
%original file name%.exe_820:

`.rsrc
w.ALT
t%SVh
t$(SSh
~%UVW
u$SShe
kernel32.dll
wininet.dll
GetWindowsDirectoryA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
taskmgr.exe
%Program Files%
http://down.21195.com/jm.txt
%Program Files%\
http://
surl : '
shorturl=
downloadurl
http:\/\/
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
http=
https
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
https://
9(99:;;<==>
/012345678
%*.*f
CNotSupportedException
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
COMCTL32.DLL
CCmdTarget
__MSVCRT_HEAP_SELECT
user32.dll
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.*)|*.*||
Shell32.dll
Mpr.dll
Advapi32.dll
User32.dll
Gdi32.dll
Kernel32.dll
(&07-034/)7 '
?? / %d]
%d / %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
%s:%d
windows
out.prn
%d.%d
%d / %d
%d/%d
Bogus message code %d
(%d-%d):
%ld%c
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.0
%s <%s>
Reply-To: %s
From: %s
To: %s
Subject: %s
Date: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
SMTP
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCArchiveException@@
zcÁ
c:\%original file name%.exe
WinExec
GetProcessHeap
GetCPInfo
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
GetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
ShellExecuteA
GetKeyState
CreateDialogIndirectParamA
UnhookWindowsHookEx
SetWindowsHookExA
InternetCanonicalizeUrlA
InternetCrackUrlA
.text
.rdata
@.data
.rsrc
<.rd:
#include "l.chs\afxres.rc" // Standard components
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
comdlg32.dll
GDI32.dll
ole32.dll
OLEAUT32.dll
RASAPI32.dll
SHELL32.dll
USER32.dll
WININET.dll
WINMM.dll
WINSPOOL.DRV
WS2_32.dll
(*.*)

%original file name%.exe_820_rwx_00401000_000BB000:

t%SVh
t$(SSh
~%UVW
u$SShe
kernel32.dll
wininet.dll
GetWindowsDirectoryA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
taskmgr.exe
%Program Files%
http://down.21195.com/jm.txt
%Program Files%\
http://
surl : '
shorturl=
downloadurl
http:\/\/
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
http=
https
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
https://
9(99:;;<==>
/012345678
%*.*f
CNotSupportedException
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
COMCTL32.DLL
CCmdTarget
__MSVCRT_HEAP_SELECT
user32.dll
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.*)|*.*||
Shell32.dll
Mpr.dll
Advapi32.dll
User32.dll
Gdi32.dll
Kernel32.dll
(&07-034/)7 '
?? / %d]
%d / %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
%s:%d
windows
out.prn
%d.%d
%d / %d
%d/%d
Bogus message code %d
(%d-%d):
%ld%c
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.0
%s <%s>
Reply-To: %s
From: %s
To: %s
Subject: %s
Date: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
SMTP
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCArchiveException@@
zcÁ
c:\%original file name%.exe
WinExec
GetProcessHeap
GetCPInfo
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
GetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
ShellExecuteA
GetKeyState
CreateDialogIndirectParamA
UnhookWindowsHookEx
SetWindowsHookExA
InternetCanonicalizeUrlA
InternetCrackUrlA
.text
.rdata
@.data
.rsrc

KPToolBar.exe_1664:

.text
`.rdata
@.data
.rsrc
F SSh&
UDPj
@ SShX
unzip 0.18 Copyright 1998-2002 Gilles Vollant - http://www.winimage.com/zLibDll
1.1.4
inflate 1.1.4 Copyright 1995-2002 Mark Adler
MFC42.DLL
MSVCRT.dll
_acmdln
KERNEL32.dll
RegisterHotKey
UnregisterHotKey
USER32.dll
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegOpenKeyA
RegQueryInfoKeyA
RegDeleteKeyA
RegFlushKey
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
ole32.dll
MSVCP60.dll
NETAPI32.dll
IMAGEHLP.dll
WS2_32.dll
zlib1.dll
unrar.dll
MSIMG32.dll
GdipSetImageAttributesColorKeys
gdiplus.dll
RICHED20.dll
IMM32.dll
GetAsyncKeyState
SetWindowsHookExA
UnhookWindowsHookEx
GDI32.dll
COMCTL32.dll
OLEAUT32.dll
ImportExitOrderToUBS
ImportUserBehaviorToUBS
ImportSoftInformationToUBS
UserBehaviorStatistics.dll
DTB_PassiveStart
TongJIUrl
http://tj.153624.com/behavior/
Software\Microsoft\Windows\CurrentVersion\Run
1.0.0.4
version.ini
update/soft.ini
http://config.153624.com/desktoptool/icon_xml.xml
softset.ini
%d,%d,%d,%d,%d,%d
*.xml|*.zip
WallPaperUsed.xml
WallPaperLike.xml
WallPaperLoc.xml
Web\Wallpaper\Bliss.bmp
\Web\Wallpaper\Windows\img0.jpg
WallPaperIni\WallPaperSytle.xml
http://
wallpaper.bmp
http://v5.kuping.cc/resource/wallpaper/wallpaper_l/%s/0/0/create_time/0/1_100/0.zip
UniversalMini.exe
c:\Kp5Desktoopbar\app\
c:\Kp5Desktoopbar\appdown\
c:\Kp5Desktoopbar\bz\
getnew.exe
SOFTWAREMicrosoftWindowsCurrentVersionRun\
SystemConfig\setting.ini
%[^ ] %[^ ] %s
http://config.153624.com/Public/conf/open/1/%s_%s/10.jpg
http://tj.153624.com/report/
TongJICNZZ.dll
windows 3.1
windows 95,
windows 98,
windows NT
windows 2000
windows xp
windows 2003
windows 2008
windows 7
windows 8
http://config.153624.com/Public/conf/c-lock/1/%s_%s/%s.xml
4.3.1.1
QueryInterface failed! ctrl: %d
Can't find the ctrl: %d
\Default\DesktopToolBarAbout.ini
Default\DesktopToolBarAbout.ini
iexplore.exe
\skinConfig\Default\DesktopToolAdd.ini
\skinConfig\Default\APP.ini
http://v5.kuping.cc/other/player/category.xml
category.xml
MsgBox
IsShow
IsFirst.ini
\skinConfig\Default\DesktopToolBarBZ.ini
application/x-www-form-urlencoded
v5.kuping.cc
.jpg,.png,.bmp,.jpeg
http://v5.kuping.cc/resource/wallpaper/wallpaper_l/%s/0/0/create_time/0/%d_100/%s.zip
LikePicID.ini
\skinConfig\Default\DesktopToolBar.ini
\skinConfig\DesktopToolBarLocation.ini
\skinConfig\AppUrl.ini
set_bg.png
dotted.png
set_focus.png
set_4.png
set_3.png
set_2.png
set_1.png
desktoptoolbar_msg
\skinConfig\Default\DesktopToolBarMsg.ini
http://config.153624.com/desktoptool/so_xml.xml
so.xml
DesktopToolBarSearchInfo.ini
keyword
\DesktopToolBarSearch.ini
skinconfig.ini
suggestion.baidu.com
DTB_ClickKeyword
\DesktopToolBarSetting.ini
DTB_KeyboardShortcut
\IeList.ini
0900936iso-ir-581028598iso_8859-81201255iso_8859-8-i1200932cswindows31j
0628597greek81201258windows-1258
1201257windows-12570738598logical
1201256windows-12560651932euc-jp
1201255windows-1255
2701143x-ebcdic-finlandsweden-euro1201254windows-1254
0801251x-cp12511201253windows-12531400949ks_c_5601_19871528599iso_8859-9:1989
0801250x-cp12501201252windows-1252
1201251windows-12511528598iso_8859-8:1988
1201250windows-12502301149x-ebcdic-icelandic-euro
1150220iso-2022-jp1100874windows-874
1901145x-ebcdic-spain-euro1620127iso_646.irv:1991
0551932x-euc1250221_iso-2022-jp1000932csshiftjis
http-equiv
<>=\/?!"';
(%d nulls removed)
length %d
to length %d
to %d bytes
from length %d
from byte length %d
\DeskRelevance.ini
\tips.ini
\CWyst_AddPicDlg.ini
http://config.153624.com/Public/conf/game_recommend/1/9_%s/10.xml
GameIcon\LocalGame.xml
GameIcon\KPToolBar_Game.xml
GameIcon\Nomal\gameicon.png
\skinConfig\Default\ToolGames.ini
%d,%d,%d
isshow
iconurl
User32.DLL
Location: %s
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
HTTP/1.1
kernel32.dll
%s*.*
%s\*.*
%s%s%s
colorkey
layer_%d
tsShowBack
tsShowClose
%d,%d,%d,%d
%d,%d
%f,%f,%f,%f
%u,%x,%u,%u,%u,%s
%d/%d,
%d,%d,%d,%d,%d,%d,%d,%d
D:\Program Files3
D:\Program Files2
D:\Program Files1
WINDOWS
.jpeg
%d,%d,%d,%d,%x
%[^|]|%d,%d,%d,%d,%[^,],%d,%x,%d|%d
FilterByFolderBtn%d
%d,%d,%d,%d|%x|%s
%[^|]|%d,%d,%d,%d,%[^,],%d,%x,%d
%s %d %s
1.2.8
location: %s
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:20.0) Gecko/20100101 Firefox/20.0
Content-Disposition: form-data; name="%s"
1.2.7
1, 0, 1, 5
KPTOOLBAR.EXE

getnew.exe_1076:

.text
`.rdata
@.data
.rsrc
MFC42.DLL
MSVCRT.dll
_acmdln
KERNEL32.dll
USER32.dll
MSVCP60.dll
./Update/soft.ini
./Update/UpData.dll
*(..FEI
)',76:87:/.2)( &%(%$'$#'$#'$#'$#'$#'$#'$#'$#'$#'$#'%$'&%('&*)(,.-00/3&$)*(-
;6373/62.
0-,@@@<<<%" "
63/6302.,
1, 0, 0, 2
run.EXE

kt_Mini.exe_344:

.text
`.rdata
@.data
.rsrc
MFC42.DLL
MSVCRT.dll
_acmdln
KERNEL32.dll
USER32.dll
MSVCP60.dll
0900936iso-ir-581028598iso_8859-81201255iso_8859-8-i1200932cswindows31j
0628597greek81201258windows-1258
1201257windows-12570738598logical
1201256windows-12560651932euc-jp
1201255windows-1255
2701143x-ebcdic-finlandsweden-euro1201254windows-1254
0801251x-cp12511201253windows-12531400949ks_c_5601_19871528599iso_8859-9:1989
0801250x-cp12501201252windows-1252
1201251windows-12511528598iso_8859-8:1988
1201250windows-12502301149x-ebcdic-icelandic-euro
1150220iso-2022-jp1100874windows-874
1901145x-ebcdic-spain-euro1620127iso_646.irv:1991
0551932x-euc1250221_iso-2022-jp1000932csshiftjis
%s\%s
minikey
softset.ini
GetExeFlag
UniversalFunction.dll
1.0.0.1
version.ini
2013,1,1,1,1,1
dddddd
1987,1,1,1,1,1
softProc
KP_5.exe
1, 0, 0, 1
UniversalMini.EXE

kuping_v4.exe_1068:

.text
`.rdata
@.data
.rsrc
F SShz
N SShx
tS9.tF
MFC42.DLL
MSVCRT.dll
_acmdln
WinExec
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
GetKeyState
GetAsyncKeyState
USER32.dll
GDI32.dll
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegCreateKeyA
RegQueryInfoKeyA
RegFlushKey
ADVAPI32.dll
ShellExecuteA
ShellExecuteExA
SHELL32.dll
ole32.dll
OLEAUT32.dll
GdipSetImageAttributesColorKeys
gdiplus.dll
MSVCP60.dll
IMAGEHLP.dll
WS2_32.dll
?PreTranslateMessage@CSkinCenterDlg@@UAEHPAUtagMSG@@@Z
?GetMessageMap@CSkinCenterDlg@@MBEPBUAFX_MSGMAP@@XZ
SkinCenter.dll
unrar.dll
NETAPI32.dll
PSAPI.DLL
VERSION.dll
MSIMG32.dll
SetWindowsHookExA
UnhookWindowsHookEx
COMCTL32.dll
kuping_v4.exe
4.3.1.1
version.ini
QueryInterface failed! ctrl: %d
Can't find the ctrl: %d
\AboutDlgConfig\MainDlg.ini
skinconfig.ini
http://www.wallba.com
\AppDlgConfig\MainDlgSkin.ini
Appsoftconfig\button.xml
Appsoftconfig\image\soft.xml
http://config.wallba.com/Public/Configs/AppSoftconf.xml
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
WallPlayer.exe
Appsoftconfig\softtempfile\soft.xml
%System32%
wallplay\config\List_imge_theme_config\image.xml
wallplay\config\WallPlayerConfig\WallPlayImage.xml
Location: %s
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
HTTP/1.1
http://
kernel32.dll
Software\Microsoft\Windows\CurrentVersion\Run
X-X-X-X-X-X
%s\*.*
Microsoft Windows 95
Microsoft Windows NT 4.0
Microsoft Windows 98
Microsoft Windows Me
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003 R2
Microsoft Windows Server 2003
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2008 R2
Microsoft Windows 7
ImportExitOrderToUBS
ImportUserBehaviorToUBS
ImportSoftInformationToUBS
UserBehaviorStatistics.dll
temp.jpg
\DownloadWebImageDlg\MainSkin.ini
%d%d%d%d%d
241870897
TempDownLoad\FeedBack\qqNum.xml
\FeedbackDlgConfig\MainFeedbackDlg.ini
set.png
focus.png
http://config.wallba.com/Public/Configs/user_info.xml
.kpscr
.kplgui
.kpicon
.kpcur
.kprar
.kptheme
%s %%1
%s\Shell\Open\Command
%s\Shell
%s\DefaultIcon
%s\kuping_v4.exe,%d
%s\KpInstallTheme.exe
softset.ini
http://int.dpool.sina.com.cn/iplookup/iplookup.php
TempDownLoad\UserLive\UserLive.ini
TempDownLoad\TagInfo\TagVersion.ini
skinConfig\skinversion.ini
TempDownLoad\SearchBuff.ini
Appsoftconfig\APPversion.ini
TempDownLoad\Home\Homeversion.ini
http://config.wallba.com/Public/Configs/Functon_version.xml
TempDownLoad\UserLive\version.ini
userlive.xml
%s%s.xml
http://config.wallba.com/Public/Configs/KpLiveControl/
TempDownLoad\Home\tempfile\home.xml
http://config.wallba.com/Public/Configs/KpIndexConf.xml
Appsoftconfig\tempfile\soft.xml
skinConfig\tempfile\SkinSetting.xml
http://config.wallba.com/Public/Configs/SkinSetting.xml
TempDownLoad\TagInfo\list_win7.xml
http://img.wallba.com/Public/Configs/Album/list_win7.xml
TempDownLoad\TagInfo\list_xp.xml
http://img.wallba.com/Public/Configs/Album/list_xp.xml
TempDownLoad\Home\home.xml
%s\system32\themeui.dll
%s\system32\uxtheme.dll
crackthemepackwinxp.rar
%s\system32
.backup
%s\system32\dllcache\themeui.dll
%s\system32\dllcache\uxtheme.dll
%s\system32\themeservice.dll
crackthemepackwin7.rar
%s /grant administrators:F
/f %s
crackthemepackwin7x64.rar
Kernel32.dll
urlEx
weburl
\WebContro.ini
login
IsShowWindow
IndividualCenter.dll
loginInfo\head.jpg
http://kuping.wallba.com/web/help.html#win7sj
\KPUpdater.dll
set_1.png
SepLine.png
tui-chu.png
menu_move.png
about.png
feedback_icon.png
help_icon.png
show.png
\MenuSetConfig.ini
update.png
set_icon.png
KpInstallTheme.exe
http://www.wallba.com/Help.shtml
IsLogin
getnew.exe
http://tj.153624.com/behavior/
http://tj.153624.com/report/
TongJICNZZ.dll
update/soft.ini
updateupgrade.exe_0
updateupgrade.exe
SystemConfig\setting.ini
http://config.wallba.com/Public/Configs/Liveindex.html?id=
http://img.wallba.com/Public/Configs/index.html?id=
Kpclick.ini
%d,%d,%d,%d,%d,%d
\UpdateUi\UpdateSkin.ini
\MainSkin.ini
GetLoginHashValue
GetLoginUid
InitLogin
login.dll
LocBootScreen.xml
LocIconsfolder.xml
LocScreensaver.xml
LocMouseponit.xml
LocThemeXml.xml
LocWallpaleXml.xml
StowBootScreen.xml
StowIconsfolder.xml
StowScreensaver.xml
StowMouseponit.xml
stowThemeXml.xml
StowWallpaleXml.xml
wallpaper.bmp
EXPLORER.EXE
UniversalMini.exe
%skuping_v4.exe start
kuping_v4.exe start
\softset.ini
%sKp_BootClr.exe
contact=%s:%s&content=%s
/index.php?s=/Index/comment_save/
kuping.wallba.com
loginInfo\head_new.jpg
head.jpg
loginInfo\
nick
msg_num
/kp_api.php?s=User/getuser&uid=
member.wallba.com
StartUp.xml
http://config.wallba.com/Public/Configs/KpStartupControl/%s.xml
%system32%
TempDownLoad\StartUp\tempfile\StartUp.xml
kptest.tmp
http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808fj.jpg
http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0809kt.jpg
http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808kt.jpg
http://config.wallba.com/Public/Configs/KpInstall/AnImg.xml
http://config.153624.com/Public/conf/open/1/%s_%s/10.jpg
img.wallba.com
%d/xp/%d/%d/%d
%d/win7/%d/%d/%d
%d/%d/%d/%d/%d
%d/0/%d/%d/%d
%s/%d.xml
%d%d%d%d%d%d%d.xml
thumbnail.xml
TempWallFile\TempThemWall.jpg
kpTailor.exe
%dK/s
/Public/Configs/Album/%d
/%d.xml
KpInstallTheme.exe type=
\Web\Wallpaper\Windows\img0.jpg
Web\Wallpaper\bliss.jpg
\NoticeDlgSkin.ini
skinConfig\skinconfig.ini
.jpeg
KpInstallTheme.exe
\SettingMenuDlgConfig\MainMenuDlgSkin.ini
-iexplore.exe
windows 3.1
windows 95,
windows 98,
windows NT
windows 2000
windows xp
windows 2003
windows 2008
windows 7
windows 8
http://config.wallba.com/Public/Configs/themecrack/crackthemepackwin7x64.rar
http://config.wallba.com/Public/Configs/themecrack/crackthemepackwin7.rar
http://config.wallba.com/Public/Configs/themecrack/crackthemepackwinxp.rar
\themeui.dll
\UpdateUi\SkinCenter.ini
SkinSetting.xml
\UpdateNoticeDlg.ini
&key=
/stat.php?c=download&a=add
stat.wallba.com
/stat/statUserAction.php
action.wallba.com
Windows 7
Windows Vista
tongji.zhenlaji.com
%s %d
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
.PAVCInternetException@@
Range: bytes=%d-%d
Range: bytes=%d-
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
Referer: %s
http://www.wallba.com/
Host: %s
GET %s HTTP/1.1
%s_%d
/kp_api.php?s=favorite/addFavorite
down_url
type_%d
IEOpenURL
SystemExeName
KeyFilePath
KeyPath
0900936iso-ir-581028598iso_8859-81201255iso_8859-8-i1200932cswindows31j
0628597greek81201258windows-1258
1201257windows-12570738598logical
1201256windows-12560651932euc-jp
1201255windows-1255
2701143x-ebcdic-finlandsweden-euro1201254windows-1254
0801251x-cp12511201253windows-12531400949ks_c_5601_19871528599iso_8859-9:1989
0801250x-cp12501201252windows-1252
1201251windows-12511528598iso_8859-8:1988
1201250windows-12502301149x-ebcdic-icelandic-euro
1150220iso-2022-jp1100874windows-874
1901145x-ebcdic-spain-euro1620127iso_646.irv:1991
0551932x-euc1250221_iso-2022-jp1000932csshiftjis
http-equiv
<>=\/?!"';
(%d nulls removed)
length %d
to length %d
to %d bytes
from length %d
from byte length %d
%s("%s","%s","%s")
CWebBrowser2
WebBrowser Create Failed!
www.baidu.com
%d %d
btn%d_count
btn%d_image
btn%d_chage
%d %d %d %d
%d %d %
progressShadow
colorkey
isshow
layer_%d
x=%d,y=%d
ui/empty.png
_DeleteElem(): item=%d, elem=%d, type=%d, nType=%d
CGuiTree::DeleteItem(): id=%d
\themeservice.dll
\uxtheme.dll
Windows 7 Home
Microsoft Windows Millennium Edition
Microsoft Windows 98
Microsoft Windows 95
%s (Build %d)
Service Pack 6a (Build %d)
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
%d.%d
Web Edition
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003,
Microsoft Windows XP Professional x64 Edition
Windows Server "Longhorn"
1, 0, 0, 1
kuping_v4.EXE

kp4_Mini.exe_1488:

.text
`.rdata
@.data
.rsrc
MFC42.DLL
MSVCRT.dll
_acmdln
KERNEL32.dll
USER32.dll
MSVCP60.dll
0900936iso-ir-581028598iso_8859-81201255iso_8859-8-i1200932cswindows31j
0628597greek81201258windows-1258
1201257windows-12570738598logical
1201256windows-12560651932euc-jp
1201255windows-1255
2701143x-ebcdic-finlandsweden-euro1201254windows-1254
0801251x-cp12511201253windows-12531400949ks_c_5601_19871528599iso_8859-9:1989
0801250x-cp12501201252windows-1252
1201251windows-12511528598iso_8859-8:1988
1201250windows-12502301149x-ebcdic-icelandic-euro
1150220iso-2022-jp1100874windows-874
1901145x-ebcdic-spain-euro1620127iso_646.irv:1991
0551932x-euc1250221_iso-2022-jp1000932csshiftjis
%s\%s
minikey
softset.ini
GetExeFlag
UniversalFunction.dll
1.0.0.1
version.ini
2013,1,1,1,1,1
dddddd
1987,1,1,1,1,1
softProc
KP_5.exe
1, 0, 0, 1
UniversalMini.EXE


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    kp4_Mini.exe:1488
    dwwin.exe:2040
    dwwin.exe:1728
    kuping_v4.exe:1068
    kt_Mini.exe:344
    getnew.exe:1076
    getnew.exe:1088
    KPToolBar.exe:1664
    kpTopBar_b_8.exe:1836
    kuping_b_53390.exe:1988

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temp\op_16.tmp (1 bytes)
    C:\kuping4\softset.ini (366 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\MI_19.tmp (1 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\Mini.ico (1159 bytes)
    C:\kuping4\Universal\unrar.dll (185 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\6f1b_appcompat.txt (20221 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\bg.png (2 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\默认\skin.ini (822 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\seach.png (1 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\seach-btn.png (1 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\close.png (2 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\small.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\MA_1B.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\DI_1D.tmp (1 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\skinconfig.ini (89 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\默认\ui\mini\logo.png (4 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Program Files%\kuping_b_53390.exe (37274 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\186E55.dmp (127725 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\185AFC.dmp (127763 bytes)
    C:\kuping4\Update\soft.ini (1714 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\DW_13.tmp (126 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\Liveindex[1].htm (312 bytes)
    C:\kuping4\TempDownLoad\Home\11275.jpg_0 (388 bytes)
    C:\kuping4\Kpclick.ini (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\op_12.tmp (631 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\MI_E.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\op_A.tmp (1 bytes)
    %Documents and Settings%\%current user%\My Documents\Universal\Universal.ini (237 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\4ea8_appcompat.txt (11916 bytes)
    C:\KPToolBar\Universal\skinConfig.rar (1961 bytes)
    C:\KPToolBar\Universal\UniversalMiniSkin\默认\skin.ini (822 bytes)
    C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\close.png (2 bytes)
    C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\small.png (1 bytes)
    C:\KPToolBar\softset.ini (44 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\DW_B.tmp (633 bytes)
    C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\seach.png (1 bytes)
    C:\KPToolBar\Universal\UniversalMiniSkin\Mini.ico (1159 bytes)
    C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\seach-btn.png (1 bytes)
    C:\KPToolBar\Universal\unrar.dll (185 bytes)
    C:\KPToolBar\Universal\UniversalMiniSkin\skinconfig.ini (89 bytes)
    C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\bg.png (2 bytes)
    C:\KPToolBar\Universal\UniversalMiniSkin\默认\ui\mini\logo.png (4 bytes)
    C:\KPToolBar\Update\soft.ini (28 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\DW_6.tmp (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\DW_15.tmp (426 bytes)
    C:\kuping4\Update\updatelog.ini (31 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\DW_5.tmp (126 bytes)
    %System%\config\SOFTWARE.LOG (9947 bytes)
    %System%\config\software (7765 bytes)
    C:\KPToolBar\TempDownLoad\resource\wallpaper\wallpaper_l\328\0\0\create_time\0\1_100\0.zip__1401890328 (912 bytes)
    C:\KPToolBar\TempDownLoad\resource\wallpaper\wallpaper_l\321\0\0\create_time\0\1_100\0.xml (22194 bytes)
    %Documents and Settings%\%current user%\NTUSER.DAT.LOG (8512 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\op_4.tmp (1 bytes)
    C:\KPToolBar\skinConfig\DesktopToolBarLocation.ini (36 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\op_8.tmp (631 bytes)
    C:\KPToolBar\TempDownLoad\resource\wallpaper\wallpaper_l\328\0\0\create_time\0\1_100\0.xml (22306 bytes)
    C:\KPToolBar\TempDownLoad\resource\wallpaper\wallpaper_l\321\0\0\create_time\0\1_100\0.zip__1401890328 (574 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\delete.png (1 bytes)
    %Documents and Settings%\%current user%\UserData\YJM90VAL\config.153624[1].xml (266 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\Default.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\set_4.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\ToolGames\bg0.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\ICON_MyDocument.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\local_add.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_SpreadButton.png (1 bytes)
    C:\KPToolBar\Update\SkinResource\Update.png (196 bytes)
    C:\KPToolBar\Update\SkinResource\BKStep2.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\Tips\bz_2.png (588 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\float.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\IeList.ini (527 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\4.png (1372 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Up_.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\21[1].gif (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\set.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\DesktopToolBarMsg.ini (432 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_SpreadButton.png (1 bytes)
    C:\KPToolBar\Update\UDStatictical.dll (1882 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\jian.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\delete.png (1 bytes)
    C:\KPToolBar\Update\SkinResource\IsNew.png (196 bytes)
    C:\KPToolBar\Update\UpData.dll (2342 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\soso_btn.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\01.png (1176 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\shop.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\set_1.png (1 bytes)
    C:\KPToolBar\Update\Skin.ini (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\op_3.tmp (225 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\lijixiufu.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\Thumbs.db (1568 bytes)
    C:\KPToolBar\skinConfig\Default\CWyst_AddPicDlg.ini (196 bytes)
    C:\KPToolBar\Update\SkinResource\BKStep1.png (1098 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\option.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\ToolGames\select.png (3 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\input.png (212 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\ck.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\news.png (3 bytes)
    C:\KPToolBar\Update\SkinResource\ProgressBar.png (984 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Slider_V.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\line.png (934 bytes)
    C:\KPToolBar\skinConfig\DesktopToolBarSettingInfo.ini (450 bytes)
    C:\KPToolBar\skinConfig\Default\ui\IeMenu\sougou.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\txt2.png (1 bytes)
    C:\KPToolBar\WallPaperIni\WallPaperSytle.xml (234 bytes)
    C:\KPToolBar\GameIcon\Nomal\gameicon.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tongji_baidu[1].htm (295 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\soso.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\APP.ini (598 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\set.png (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\bg_small.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\ToolGames\slice3.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\DesktopToolBarAbout.ini (542 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\delete.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    C:\KPToolBar\wdj_connection_wrapper.dll (1949 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\system.png (1 bytes)
    C:\KPToolBar\UserBehaviorStatistics.dll (471 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_Cancel.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\DesktopToolBarBZ.ini (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\index[1].htm (750 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\search.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\hide\bg2.png (1 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\dan_xuan.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_ChooseBox.png (1 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Load-Fail-.png (2 bytes)
    C:\KPToolBar\TongJICNZZ.dll (1333 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Bar.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT (192 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\add.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\IeMenu\bg.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\video.png (196 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\down.png (161 bytes)
    C:\KPToolBar\skinConfig\Default\ui\IeMenu\google.png (1 bytes)
    %Documents and Settings%\%current user%\Desktop\¿áÆÁ¹¤¾ßÌõ.lnk (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\ToolGames\slice.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_Advance.png (4 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\cancel.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\now-loading.png (1 bytes)
    C:\KPToolBar\SystemConfig\setting.ini (547 bytes)
    C:\KPToolBar\skinConfig\Default\ui\Tips\bz_1.png (588 bytes)
    C:\KPToolBar\skinConfig\Default\ui\ToolGames\slice1.png (2 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\xiezai.png (375 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\lijiuninstall.png (784 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\line2.png (929 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\bg_02.png (1568 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\check.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\wallbase_bg.png (157 bytes)
    C:\KPToolBar\Update\SkinResource\FnishSmall.png (2 bytes)
    C:\KPToolBar\getnew.exe (1960 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\scroll_bg.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\RadioBox.png (1 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\danxuan.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\note.png (1960 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\bg.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\link.png (784 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\finish2.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_CancelCT.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\seach_bar.png (1 bytes)
    C:\KPToolBar\DeskTopPop.exe (1529 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\using.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\play.png (4 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\set.png (1 bytes)
    C:\KPToolBar\skinConfig\IsFirst.ini (97 bytes)
    C:\KPToolBar\Uninstall\Link.exe (275 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_NoPic_AfterCT.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\promt_cancel.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\video.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\search.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\close.png (2 bytes)
    C:\KPToolBar\skinConfig\AppUrl.ini (222 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\64165825687\LZMA.dll (68 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\procss_time.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\wait.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\mini.png (196 bytes)
    C:\KPToolBar\Update\info.ini (20 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_AddToUL.png (4 bytes)
    C:\KPToolBar\skinConfig\Default\DesktopToolBar.ini (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\scroll_bar_img.png (972 bytes)
    C:\KPToolBar\skinConfig\Default\DesktopToolAdd.ini (991 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\cancel.png (3 bytes)
    C:\KPToolBar\Update\SkinResource\Minimize.png (392 bytes)
    C:\KPToolBar\UniversalFunction.dll (4017 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\360_btn.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\ToolGames\bg.png (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[3].js (1262 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[2].js (331 bytes)
    C:\KPToolBar\Update\SkinResource\Fnish.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\360.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_NoPic_BeforeCT.png (980 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\ie.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\IeMenu\focus.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\game.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\ToolGames\logo.png (196 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\Uninstall.ini (1 bytes)
    C:\KPToolBar\skinConfig\skinconfig.ini (88 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\close.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\sure.png (196 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\advert.png (980 bytes)
    C:\KPToolBar\skinConfig\Default\ui\IeMenu\soso.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\ta.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\prompt.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanResult\Img_SelectAll.png (2 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (183 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\mennu_narrow.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\chk.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\scaning.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\soougou_btn.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\goole_logo.png (2 bytes)
    C:\KPToolBar\Update\SkinResource\Cancel.png (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\MsgBox_1.ini (729 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\btn_known.png (3 bytes)
    C:\KPToolBar\Update\SkinResource\Ok.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\Tips\search_tips.png (588 bytes)
    C:\KPToolBar\skinConfig\Default\ui\ToolGames\slice2.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\set_focus.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\focus.png (1 bytes)
    C:\KPToolBar\unrar.dll (824 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\jindutiao.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Down.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\DesktopToolBarSearch.ini (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\add.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\like.png (2 bytes)
    C:\KPToolBar\Update\SkinResource\PopupBox.png (392 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\¿áÆÁ¹¤¾ßÌõ\¿áÆÁ¹¤¾ßÌõ.lnk (1 bytes)
    C:\KPToolBar\skinConfig\category.xml (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\About\about.png (588 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\¿áÆÁ¹¤¾ßÌõ\жÔØ¿áÆÁ¹¤¾ßÌõ.lnk (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\ToolGames\close.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\hide\show.png (1 bytes)
    C:\KPToolBar\Repairer.exe (549 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\img_01.png (157 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\round.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\time.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\txt3.png (1 bytes)
    C:\KPToolBar\zlib1.dll (1490 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\ĬÈÏ\ui\msgbox\close.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\set_2.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\bg_01.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Slider.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\set_bg.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\txt.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\google_btn.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\hide\bg.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\logo.png (588 bytes)
    C:\KPToolBar\skinConfig\Default\DesktopToolBarPop.ini (699 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\news.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\DeskRelevance.ini (210 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\line.png (944 bytes)
    C:\KPToolBar\skinConfig\Default\ui\ToolGames\tip.png (392 bytes)
    C:\KPToolBar\kt_Mini.exe (157 bytes)
    C:\KPToolBar\skinConfig\Default\DesktopToolBarSetting.ini (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\edit.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\clear.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\bg.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\bg2.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\Thumbs.db (1176 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\play.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\ListBg.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\ICON_Desktop.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\tips.ini (450 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (189 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Bar_V.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Down_V.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\radio.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\ICON_Disk.png (1 bytes)
    C:\KPToolBar\Uninstall\installedSoftInfo.ini (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanResult\SR_Img_Choice.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\1.png (1176 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\BKGND.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\prompt_sure.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\google.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\3.png (980 bytes)
    C:\KPToolBar\skinConfig\Default\ui\Tips\Toolnote3.png (784 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\set_3.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\hide\Thumbs.db (4 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\ie.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\scroll_bar.png (1 bytes)
    C:\KPToolBar\Update\SkinResource\Exit.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\select.png (1 bytes)
    %Documents and Settings%\%current user%\UserData\2Z89WTQV\img.wallba[1].xml (266 bytes)
    C:\KPToolBar\Kp_BootClr.exe (1137 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\game.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\ying.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\HideBtn.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\bg.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Bar_H.png (962 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\add_pic.jpg (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\sorry.png (392 bytes)
    C:\KPToolBar\skinConfig\Default\ToolGames.ini (912 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\Thumbs.db (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_CloseButton.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\pic.png (1 bytes)
    C:\KPToolBar\Update\SkinResource\CheckUpdate.png (1 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\check-box_focus.png (991 bytes)
    C:\KPToolBar\skinConfig\Default\ui\IeMenu\baidu.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Down_H.png (1 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\up.png (160 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\TongJICNZZ.dll (1333 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Slider_H.png (982 bytes)
    C:\KPToolBar\KPToolBar.exe (4292 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\like.png (2 bytes)
    C:\KPToolBar\skinConfig\DesktopToolBarBZInfo.ini (43 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\shop.png (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[1].js (160 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\2.png (1176 bytes)
    C:\KPToolBar\skinConfig\Default\ui\hide\show2.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\h[4].js (1149 bytes)
    C:\KPToolBar\uninstall.exe (2733 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\skinconfig.ini (91 bytes)
    C:\KPToolBar\Kpclick.ini (39 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\close.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\set_2.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\About\sure.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\baidu_btn.png (2 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\open.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\using.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\CheckBox.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_CTing.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\baidu_logo.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\jia.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\sougou.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\IeMenu\360.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\close.png (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\default_pic.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Up_V.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\Thumbs.db (784 bytes)
    C:\KPToolBar\skinConfig\Default\ui\menu\set_3.png (1 bytes)
    C:\KPToolBar\skinConfig\so.xml (2 bytes)
    C:\KPToolBar\Update\SkinResource\Point.png (1 bytes)
    C:\KPToolBar\ExpandPackCheck.exe (1725 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBar\download.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\64165825687\skinconfig\installedSoftInfo.ini (2 bytes)
    C:\KPToolBar\skinConfig\Default\ui\MyBZ\Thumbs.db (784 bytes)
    C:\KPToolBar\Uninstall\skinConfig_un\Default\ui\Uninstall\check-box.png (540 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\ement.png (3 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\bg.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\AddAPP\mini.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Up_H.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\AddPicDlg\Img_CTDir.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\Tips\180x130-game.png (784 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\focus.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\time_bar.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\ICON_Folder.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\ICON_RecentLook.png (751 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\dotted.png (967 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSetting\set_1.png (3 bytes)
    C:\KPToolBar\version.ini (44 bytes)
    C:\KPToolBar\skinConfig\Default\ui\imagelist\Wyst\ScanDlg\Img_Scan.png (196 bytes)
    C:\KPToolBar\skinConfig\Default\ui\DesktopToolBarSearch\baidu_logo1.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\slected.png (1 bytes)
    C:\KPToolBar\skinConfig\Default\ui\kpBZ\seach.png (1 bytes)
    C:\KPToolBar\skinConfig\DesktopToolBarSearchInfo.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list-screen.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\bg_focus.png (327 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\LocalManagement_Layer.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-6.png (210 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\delete.png (486 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list-mause.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\management.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\computer.png (1568 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\aboutme-text.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\DownloadWebDlg\delete.png (960 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\h[2].js (13 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\bg_small.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\image-bg.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\recover.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\update-button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\button-skin-add.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\UploadImageLayer.ini (3 bytes)
    %Documents and Settings%\%current user%\UserData\KTOR0Z81\config.153624[1].xml (310 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\tick_fcous.png (714 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\cancel-button.png (1 bytes)
    C:\kuping4\kpTopBar_b_8.exe (219778 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\min.png (338 bytes)
    C:\kuping4\TempDownLoad\UserLive\tempfile\userlive.xml (480 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\notice\sure_button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\cursor\right.cur (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\1111.png (199 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\serch-bg.png (161 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\cancel-button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\bg_di.png (306 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\RegisterSkin.ini (693 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\close.png (3 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\¿áÆÁ4\¿áÆÁ4.lnk (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\scroll_block.png (95 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\update.png (556 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\blue.png (307 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\explain.png (559 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\add-app-bg_02.png (523 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\DownloadWebDlg\scroll-bg.png (305 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\SkinInfo.ini (19 bytes)
    C:\kuping4\TempDownLoad\Home\11276.jpg (392 bytes)
    C:\kuping4\kuping_v4.exe (5620 bytes)
    C:\kuping4\Kp_BootClry.exe (1137 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\left-bck.png (1 bytes)
    C:\kuping4\SystemConfig\setting.ini (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\btn_known.png (3 bytes)
    C:\kuping4\TempDownLoad\Home\11272.jpg (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\share.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\notice\notice.png (1 bytes)
    C:\kuping4\Appsoftconfig\image\clear.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\skin_bg_02.png (791 bytes)
    C:\kuping4\UniversalFunction.dll (4840 bytes)
    C:\kuping4\Appsoftconfig\image\ielogo.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\login_button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\progress\progress_bg.png (283 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\kupingbg-03_01.png (784 bytes)
    C:\kuping4\Uninstall\StartMenu.exe (24 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Conventional-set.png (988 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\attention.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list-icon.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\list-pause.png (669 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-3.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\max.png (157 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\App.png (868 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\x.png (943 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\lijixiufu.png (784 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-2.png (1 bytes)
    C:\kuping4\TempDownLoad\StartUp\tempfile\StartUp.xml (784 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\scroll_deck.png (175 bytes)
    C:\kuping4\MSGBoxSkin\UI\stop_button.png (1 bytes)
    C:\kuping4\Appsoftconfig\image\buttoncmd.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\kp4.2flash_01.png (791 bytes)
    C:\kuping4\Update\SkinResource\CheckUpdate.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Default-recovery_button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\bg_02.png (4 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\center-line.png (128 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\collection.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\bg.png (341 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\theme.png (196 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\Uninstall.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IconListEx\cancel.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\album.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\SettingMenuDlgConfig\UpDateMenu_Layer.ini (1 bytes)
    C:\kuping4\MSGBoxSkin\MSGBoxSkin.ini (2 bytes)
    C:\kuping4\MSGBoxSkin\UI\delete.png (486 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list-Screen-saver.png (196 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\bg_02.png (1765 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\mainsub.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\progress.png (107 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[2].js (427 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\MouseNavigation_Layer.ini (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\search.png (681 bytes)
    C:\kuping4\KPUpdater.dll (3439 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\smile.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\re-choice.png (371 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\delete.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\help.png (633 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\home.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list_wallpaper.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\mause.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\lefr_bg.png (194 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\SettingMenuDlgConfig\ApplicationMenu_Layer.ini (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\ui\msgbox\cancel.png (3 bytes)
    C:\kuping4\QuickenFunctionConfig\Management\status.ini (161 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\mainsub.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\newcreat-bg.png (171 bytes)
    C:\kuping4\Update\SkinResource\Minimize.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\Modify-head.png (922 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\progress\iconlist_bg.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\¿áÆÁ4.0flash_02.png (414 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\tick.png (227 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\bg_top.png (984 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\TailorHeadImageLayer.ini (1 bytes)
    C:\kuping4\TempDownLoad\Home\11273.jpg (588 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\sure_button.png (1 bytes)
    C:\kuping4\KpInstallTheme.exe (1764 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\update-online_botton.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\TongJICNZZ.dll (65 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\newcreat-focus.png (214 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\progress_focus.png (190 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\focus.png (222 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\theme-max.png (1529 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\application\icon_focus.png (483 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\failRefresh.png (382 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\about\logo_s.png (970 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\add.png (392 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (205 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\MenuSetConfig.ini (48 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\KP_1\LZMA.dll (68 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\list-bg.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\MainSkin.ini (697 bytes)
    C:\kuping4\Universal\Soft\softset.ini (78 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\tag.ini (205 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\kupingbg-03_02.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Personal-center.png (196 bytes)
    C:\kuping4\MSGBoxSkin\UI\retry_button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\cursor\left.cur (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\tag-line.png (108 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\notMulti.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\help_icon.png (730 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\error.png (544 bytes)
    C:\kuping4\Universal\skinConfig.rar (980 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\silder.png (363 bytes)
    C:\kuping4\VersionConfig.xml (1060 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\notcheak.png (391 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\bg.png (1372 bytes)
    C:\kuping4\getnew.exe (1960 bytes)
    C:\kuping4\SpecialSubject.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\progress\cancel.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\down.png (178 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\SkinCenter.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\MainSkin.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\loading.png (196 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\jindutiao.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\installedSoftInfo.ini (1952 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\line.png (109 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\reg-btn.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\focus-bg.png (107 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\op_2.tmp (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\notchoose.png (879 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\aboutme.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\progress\progress_bg1.png (258 bytes)
    C:\kuping4\TempDownLoad\UserLive\version.ini (29 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\application\scroll_thumb.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\install-button.png (1 bytes)
    C:\kuping4\QuickenFunctionConfig\Management\ManagementCommerce.xml (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\white.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\skin_bg_03.png (421 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\delete.png (1 bytes)
    C:\kuping4\info.ini (16 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\login_bg.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\log-bckhead.png (4 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\tui-chu.png (232 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\application.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\close.png (2 bytes)
    C:\kuping4\Appsoftconfig\image\buttonclear.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\delete.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\AppDlgConfig\MainDlgSkin.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\loading.png (2 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\advert.png (980 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\bg_top.png (984 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\NoticeDlgSkin.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\line_w.png (91 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\pro.png (338 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\SkinCenterDownload.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\notMulti.png (912 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\IconsFolderNavigation_Layer.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\loading.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\delete.png (486 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\myBaoku.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\load.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\install_icon.png (971 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\cover.png (109 bytes)
    C:\kuping4\TempDownLoad\TagInfo\list_win7.xml (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\title-bg.png (2 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\bg.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\set.png (522 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\bg_nf.png (588 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\download.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\cut_button-ato.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\kankan.png (1921 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\skin.png (629 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\green.png (324 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\bg_01.png (708 bytes)
    C:\kuping4\MSGBoxSkin\UI\success.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\choose.png (883 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\Login_Layer.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\new-bg.png (274 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-5.png (214 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\news.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\upload_button.png (588 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\progress\progress_bg2.png (182 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\sure_button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\bg.png (784 bytes)
    C:\kuping4\TempDownLoad\Home\11279.jpg (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\meihua.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\scroll_thumb.png (744 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\page.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\about\sure_button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\application\scroll_block.png (763 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\DownloadWebDlg\notice-bg.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\silent_download.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateDownloadPage.ini (592 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\bg1.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\loading2.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\city-about.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\menu_move.png (440 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\Label-input-box.png (258 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\open.png (784 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\uphead.png (1 bytes)
    C:\kuping4\QuickenFunctionConfig\home\HomeConfig.xml (1 bytes)
    C:\kuping4\TempDownLoad\Home\Homeversion.ini (31 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\yellow.png (298 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\log-bck.png (543 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\danxuan.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\focus.png (142 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\seach-btn.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\FeedbackDlgConfig\MainFeedbackDlg.ini (879 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\mail.png (263 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\Screen-saver.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\tag_focus.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\WebContro.ini (529 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\logo.png (970 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\function.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\install_icon.png (971 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\focus.png (199 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\drop-down.png (338 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\add-app-bg_01.png (974 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\sina_logo.png (638 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\app.png (987 bytes)
    C:\kuping4\TempDownLoad\TagInfo\TagVersion.ini (29 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\MainSkin.ini (3 bytes)
    C:\kuping4\Uninstall\skinConfig_un\skinconfig.ini (85 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\album.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\My-collection.png (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[1].js (176 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\begin.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\title-Modify-head.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\gray.png (313 bytes)
    C:\kuping4\QuickenFunctionConfig\deskIco\status.ini (16 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (212 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\img_01.png (588 bytes)
    C:\kuping4\Appsoftconfig\image\play.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\application\iconlist_bg.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\head120.png (1372 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\silder-fill.png (343 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\DownloadWebDlg\set-cancel.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index[1].htm (750 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\logo.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IconListEx\icon_focus.png (510 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\KP_1\skinconfig\ĬÈÏ\MsgBox_1.ini (729 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\bg.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\tailorBg.jpg (1764 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\cheak.png (564 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\logo.png (970 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\update.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\orange.png (327 bytes)
    C:\kuping4\skinConfig\skinversion.ini (29 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\shuyeer.png (196 bytes)
    C:\kuping4\Appsoftconfig\image\buttoncoculation.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ScreenSaverNavigation_Layer.ini (196 bytes)
    C:\kuping4\Appsoftconfig\image\soft.xml (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\set_icon.png (782 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\upon.png (288 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateNetError.ini (633 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateSkin.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\bg_wf.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\delete.png (486 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\popmenu.png (678 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\check-box_focus.png (991 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\My-share.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\focus-l.png (222 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\about\about.png (1176 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\m.png (3 bytes)
    C:\kuping4\MSGBoxSkin\UI\warning.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\¡Ì.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\page2.png (106 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\sure.png (634 bytes)
    C:\kuping4\UserBehaviorStatistics.dll (471 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\list_theme.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\logo.png (584 bytes)
    C:\kuping4\kp4_Mini.exe (157 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\AllApplication_Layer.ini (1 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\input.png (212 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\Label-input-box1.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\continue.png (382 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\delete.png (486 bytes)
    C:\kuping4\uninstall.exe (2145 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IconListEx\add-m.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\recover.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\SepLine.png (99 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\skin_bg_01.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\updown.png (280 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\HomePageShow_Layer.ini (3 bytes)
    C:\kuping4\Appsoftconfig\APPversion.ini (59 bytes)
    C:\kuping4\MSGBoxSkin\UI\faild.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\refresh.png (1 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\seach.png (1 bytes)
    C:\kuping4\Update\SkinResource\Exit.png (1 bytes)
    C:\kuping4\Appsoftconfig\image\buttonplay.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateCheckPage.ini (261 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\loading2.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateInfoPage.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\MyBaoku.ini (3 bytes)
    C:\kuping4\DeskTopPop.exe (1529 bytes)
    C:\kuping4\Appsoftconfig\image\sou.png (196 bytes)
    C:\kuping4\Update\SkinResource\IsNew.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\Boot-screen.png (196 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\close.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\DownloadWebDlg\scroll.png (410 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\mennu-bg.png (363 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\blue.png (90 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\min.png (338 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\cancel.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\collection.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\set.png (234 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\nextpage.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\BootScreenNavigation_Layer.ini (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\brown.png (286 bytes)
    C:\kuping4\Update\SkinResource\BKStep1.png (902 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\icon.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\SettingMenuDlgConfig\MainMenuDlgSkin.ini (2 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\¿áÆÁ4\жÔØ¿áÆÁ4.lnk (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\progress\progress.png (179 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\save.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\SystemThemeNavigation_Layer.ini (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\pink.png (290 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\wallpaper.png (196 bytes)
    C:\kuping4\MSGBoxSkin\UI\error.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\doc_plus_icon&16.png (264 bytes)
    C:\kuping4\unrar.dll (824 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\down.png (161 bytes)
    C:\kuping4\Update\SkinResource\ProgressBar.png (984 bytes)
    C:\kuping4\QuickenFunctionConfig\deskIco\DeskIconConfig.xml (8 bytes)
    C:\kuping4\KPMsgBoxDll.dll (2694 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\feedback_icon.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Silence-set_button.png (1 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\finish2.png (588 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\small.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\focus-2.png (200 bytes)
    C:\kuping4\TempDownLoad\Home\11274.jpg (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\delete-button.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\CenterDlgConfig\WebPage.ini (594 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\list-bg.png (96 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\mouse.png (549 bytes)
    C:\kuping4\skinConfig\skinconfig.ini (84 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Download-set.png (966 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Multi.png (998 bytes)
    C:\kuping4\login.dll (2185 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\right_bg.png (194 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Application-Settings.png (953 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-share\bg.png (196 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\¿áÆÁ4.lnk (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\line_h.png (92 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\WebContrl_Layer.ini (775 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ImageLookDlgConfig\MainSkin.ini (129 bytes)
    C:\kuping4\TongJICNZZ.dll (1333 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\application.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\scroll_down.png (982 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\black.png (316 bytes)
    %Documents and Settings%\%current user%\Desktop\¿áÆÁ4.lnk (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\start.png (941 bytes)
    C:\kuping4\dgmon.dll (471 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\Input-box.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\view-bg.png (509 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\fail.png (196 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\lijiuninstall.png (784 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Screening-bg2.png (102 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\Alert.png (1 bytes)
    C:\kuping4\Appsoftconfig\image\Iebuttonlogo.png (196 bytes)
    C:\kuping4\TempDownLoad\Home\home.xml (1764 bytes)
    C:\kuping4\livability.dll (510 bytes)
    C:\kuping4\Update\SkinResource\Fnish.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\fail.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\WebContro.ini (617 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\show.png (413 bytes)
    C:\kuping4\Kp_BootClr.exe (1137 bytes)
    C:\kuping4\Repairer.exe (549 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\re.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\UpdateNormal.ini (641 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\backpage.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\white.png (283 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\set_1.png (522 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\kupingbg-03_03.png (980 bytes)
    C:\kuping4\Appsoftconfig\image\cmd.png (196 bytes)
    C:\kuping4\Update\SkinResource\Point.png (1 bytes)
    C:\kuping4\BootStart.dll (157 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\cancel.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\add-app-bg_03.png (412 bytes)
    C:\kuping4\Universal\UniversalMiniSkin\ĬÈÏ\ui\mini\logo.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\about\delete.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\h[1].js (5 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\notice\Alert.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\App-manager.png (654 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\display_shadow.png (115 bytes)
    C:\kuping4\Universal\UniversalCpaSkin.rar (1098 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\app-button.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\content.png (416 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\delete.png (486 bytes)
    C:\kuping4\MSGBoxSkin\UI\infomation.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\mennu-bg2.png (1 bytes)
    C:\kuping4\Appsoftconfig\image\coculation.png (196 bytes)
    %Documents and Settings%\%current user%\UserData\YJM90VAL\img.wallba[1].xml (310 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\tooltipUi\cut_button-hand.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\headbg.png (556 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\DownloadWebImageDlg\MainSkin.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\My-resources.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\about.png (606 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\dan_xuan.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\bg_vein.png (268 bytes)
    C:\kuping4\Appsoftconfig\button.xml (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\LocTween_Layer.ini (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\login-btn.png (2 bytes)
    C:\kuping4\Update\SkinResource\Cancel.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateNoticeDlg.ini (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\scroll_thumb.png (842 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\SeverTween_Layer.ini (1 bytes)
    C:\kuping4\Update\SkinResource\BKStep2.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\screen.png (314 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\tip.png (591 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\set.png (549 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\notchoose.png (879 bytes)
    C:\kuping4\version.ini (44 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\red.png (318 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\scroll_up.png (927 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\head60.png (392 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\up.png (160 bytes)
    C:\kuping4\SystemConfig\LocWallpaleXml.xml (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Software-update.png (998 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\ImageLook\loading.png (3 bytes)
    C:\kuping4\Update\UpData.dll (2342 bytes)
    C:\kuping4\Update\SkinResource\Update.png (196 bytes)
    C:\kuping4\QuickenFunctionConfig\Setup\CpaConfig.xml (8 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\newUi\local.png (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\SkinCenter\scroll_block.png (763 bytes)
    C:\kuping4\IndividualCenter.dll (5389 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\list-bg2.png (2 bytes)
    C:\kuping4\SkinCenter.dll (3635 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\daohang\myDownLoad.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ResourceNavigation_Layer.ini (974 bytes)
    C:\kuping4\MSGBoxSkin\UI\yes_button.png (1 bytes)
    C:\kuping4\Appsoftconfig\softtempfile\soft.xml (196 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IconListEx\iconlist_bg.png (314 bytes)
    C:\kuping4\Appsoftconfig\image\buttonsou.png (196 bytes)
    C:\kuping4\skinConfig\SkinSetting.xml (1 bytes)
    C:\kuping4\MSGBoxSkin\UI\question.png (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\UpdateNotice\bkimg.png (429 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\Directory-box_bg.png (397 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-4.png (287 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\submit.png (196 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\check-box.png (540 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\flowerpot.png (3 bytes)
    C:\kuping4\Update\info.ini (18 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Menu\doc_empty_icon&16.png (293 bytes)
    C:\kuping4\Update\UDStatictical.dll (1882 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\choose.png (883 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\slice\bg-1.png (794 bytes)
    C:\kuping4\TempDownLoad\TagInfo\list_xp.xml (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\finish-button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\SettingMenuDlgConfig\ConventionalMenu_Layer.ini (1 bytes)
    C:\kuping4\KPConfig.inf (3 bytes)
    C:\kuping4\Uninstall\installedSoftInfo.ini (984 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\kupingbg-02.png (588 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\Personal-information\share.png (472 bytes)
    C:\kuping4\TempDownLoad\Home\11277.jpg (196 bytes)
    C:\kuping4\SystemConfig\LocThemeXml.xml (416 bytes)
    C:\kuping4\ThemeInstall.dll (863 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\Screening-bg.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\caption-bg.png (417 bytes)
    C:\kuping4\MSGBoxSkin\UI\bg_top.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\cheakskin\MainSkin.ini (1 bytes)
    C:\kuping4\MSGBoxSkin\UI\cancel-button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\refresh.png (726 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\suspend.png (504 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\tempfile.tmp (184 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\apple.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\DesktopWallpaperNavigation_Layer.ini (196 bytes)
    C:\kuping4\Update\SkinResource\PopupBox.png (392 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\tag.png (195 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\kankan.png (1725 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\feedback\delete.png (486 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\NoLogin_Layer.ini (941 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\My-resources\use.png (196 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\bg_01.png (392 bytes)
    C:\kuping4\TempDownLoad\SearchBuff.ini (23 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\IndivCenter\upload\tag-bg.png (350 bytes)
    C:\kuping4\MSGBoxSkin\UI\no_button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\color\purple.png (325 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tongji_baidu[1].htm (295 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\list\progress_frame.png (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\login\ui\failure.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\SettingMenuDlgConfig\DownLoadMenu_Layer.ini (3 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\UpdateUi\ui\UpdateSkin\min.png (338 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\xiezai.png (375 bytes)
    C:\kuping4\TempDownLoad\Home\11278.jpg (588 bytes)
    C:\kuping4\Update\SkinResource\Ok.png (196 bytes)
    C:\kuping4\Update\SkinResource\FnishSmall.png (2 bytes)
    C:\kuping4\Uninstall\skinConfig_un\ĬÈÏ\ui\Uninstall\mennu_narrow.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\progress\icon_focus.png (317 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\skin.png (629 bytes)
    C:\kuping4\Update\Skin.ini (2 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\jindutiao1.png (99 bytes)
    C:\kuping4\ExpandPackCheck.exe (1725 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\add-app-bg.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\icon.png (1764 bytes)
    C:\kuping4\MSGBoxSkin\UI\ok_button.png (1 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\ui\focus3.png (357 bytes)
    C:\kuping4\skinConfig\ĬÈÏ\AboutDlgConfig\MainDlg.ini (1 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KPToolBar" = "c:\KPToolBar\Kp_BootClr.exe"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kuping4" = "c:\kuping4\Kp_BootClr.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now