virus.win32.gael.c


virus.win32.gael.c is also known as PUA.Bang5mai and Win32.Trojan.WisdomEyes.16070401.9500.9931.

Malware Analysis of virus.win32.gael.c – TCADAPTORCHRM.EXE

Created files:

%LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DJGHKGGDAMPKOGMKMNMPFHFPBGEDPMFM\1.2.2.11_0\_METADATA\VERIFIED_CONTENTS.JSON
%LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\COM.KOUSHUIDANG.TUCAO.JSON
%LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\TCADAPTORCHRM.EXE
%LOCAL APPDATA%\MICROSOFT\INTERNET EXPLORER\DOMSTORE\3J6WAL81\HAO.360[1].XML
%LOCAL APPDATA%\MICROSOFT\INTERNET EXPLORER\RECOVERY\HIGH\ACTIVE\RECOVERYSTORE.{4660602B-A451-11E6-B077-000C2982064B}.DAT

Autostart registry keys:


Detected by UnHackMe:

TCADAPTORCHRM.EXE
DEFAULT LOCATION: %LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\TCADAPTORCHRM.EXE

Dropper hash (MD5): 0341cdbf5a58b17b066867b2e37fc88e

Written by Malware Hunter.
