ADWARE/Xiaoxiong.ohkw


ADWARE/Xiaoxiong.ohkw is also detected under the names Adware.Xiaoxiong.Win32.10, Adware ( 004da59d1 ) and PE:Malware.Generic(Thunder)!1.A1C4 [F] by other vendors.

Malware Analysis of ADWARE/Xiaoxiong.ohkw – TERPY.EXE

Created files:

%Program Files%\JisuCopy\Hunter.exe
%Program Files%\JisuCopy\Skin\link.ico
%Program Files%\JisuCopy\Terpy.exe
%Program Files%\JisuCopy\TunBase.dll
%Program Files%\JisuCopy\TunBase64.dll

Registry keys recorded on the infected system (autostart entries, COM class registrations, URL-protocol handlers, uninstall entries and service definitions). Only the entries that point into %Program Files%\JisuCopy belong to this sample; the 360 Safe, IQIYI Video/PPS, LuDaShi, Maoha WiFi, anote and Google Chrome entries belong to other software present on the same machine and are listed as found:

HKLM\Software\Classes\Applications\anote.exe\NoStartPage: “”
HKLM\Software\Classes\Applications\uninstall.exe\NoStartPage: “”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\QYPlugin.dll”
HKLM\Software\Classes\CLSID\{10AFB451-4816-48A1-8DDD-0F9595EB9F67}\InProcServer32\: “%Program Files%\360\360Safe\Utils\npaxlogin.dll”
HKLM\Software\Classes\CLSID\{12793398-A212-446F-BA1E-1F1B5ABDB89C}\Shell\Open\command\: “%SystemRoot%\explorer.exe C:\”
HKLM\Software\Classes\CLSID\{12793398-A212-446F-BA1E-1F1B5ABDB89C}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{26CD0715-0722-479B-A8C7-29A911171774}\InProcServer32\: “%Program Files%\360\360Safe\Utils\shell360ext.dll”
HKLM\Software\Classes\CLSID\{2A650B6F-1548-4294-AB07-F17604108156}\Shell\Open\command\: “%SystemRoot%\explorer.exe O:\”
HKLM\Software\Classes\CLSID\{2A650B6F-1548-4294-AB07-F17604108156}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\Accelerator\IEHelper.dll”
HKLM\Software\Classes\CLSID\{34B3C588-D06C-4F92-929C-2C3A0BC7F821}\InprocServer32\: “%Program Files%\LuDaShi\ComputerZ7.dll”
HKLM\Software\Classes\CLSID\{467B32FF-C688-40FF-95FC-C7C61247B0AA}\InprocServer32\: “%Program Files%\360\360Safe\SoftMgr\SMWebProxy.dll”
HKLM\Software\Classes\CLSID\{47F57C45-E7A1-4414-A6F0-A0865F6E4CA6}\Shell\Open\command\: “%SystemRoot%\explorer.exe Q:\”
HKLM\Software\Classes\CLSID\{47F57C45-E7A1-4414-A6F0-A0865F6E4CA6}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{4D88ED58-E7F0-4EF2-AE06-5D5873AD19C6}\Shell\Open\command\: “%SystemRoot%\explorer.exe X:\”
HKLM\Software\Classes\CLSID\{4D88ED58-E7F0-4EF2-AE06-5D5873AD19C6}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{55F9A4E2-52B3-4743-9EA7-2FEE413DABB6}\Shell\Open\command\: “%SystemRoot%\explorer.exe N:\”
HKLM\Software\Classes\CLSID\{55F9A4E2-52B3-4743-9EA7-2FEE413DABB6}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{5E19C0CE-C02C-46c2-98C3-A2E12EDE0E17}\InprocServer32\: “%Program Files%\360\360Safe\SoftMgr\SoftMgrExt.dll”
HKLM\Software\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\QYPlugin.dll”
HKLM\Software\Classes\CLSID\{63A39D0C-0B63-49EE-BB21-D106ED548C51}\Shell\Open\command\: “%SystemRoot%\explorer.exe T:\”
HKLM\Software\Classes\CLSID\{63A39D0C-0B63-49EE-BB21-D106ED548C51}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{6A377734-9D9D-44AE-A69C-06E81F6C8064}\Shell\Open\command\: “%SystemRoot%\explorer.exe W:\”
HKLM\Software\Classes\CLSID\{6A377734-9D9D-44AE-A69C-06E81F6C8064}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{78A1990F-7561-4CB9-A8BF-B6CCF8AAEB97}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{7A148181-CEB9-4F5E-B5F2-CDC5B68BD3A8}\Shell\Open\command\: “%SystemRoot%\explorer.exe A:\”
HKLM\Software\Classes\CLSID\{7A148181-CEB9-4F5E-B5F2-CDC5B68BD3A8}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{7C0F6D57-E799-4C8A-A319-8E2B4D724CF0}\InprocServer32\: “%Program Files%\360\360Safe\Utils\shell360ext.dll”
HKLM\Software\Classes\CLSID\{7FFC32EE-E81A-4E1C-8C98-E2E6F94F0A92}\InProcServer32\: “%Program Files%\JisuCopy\TunBase.dll”
HKLM\Software\Classes\CLSID\{826D8B56-A99E-4CD2-8F38-CFCE2A7B89C4}\Shell\Open\command\: “%SystemRoot%\explorer.exe B:\”
HKLM\Software\Classes\CLSID\{826D8B56-A99E-4CD2-8F38-CFCE2A7B89C4}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{86A06468-8A7C-4EFA-A61C-9C0E911194C9}\Shell\Open\command\: “%SystemRoot%\explorer.exe C:\”
HKLM\Software\Classes\CLSID\{86A06468-8A7C-4EFA-A61C-9C0E911194C9}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{87515F61-A66C-4319-A0E0-D416CB8059E3}\InprocServer32\: “%Program Files%\360\360Safe\Safelive.dll”
HKLM\Software\Classes\CLSID\{A0AB8231-8E73-410D-8D1C-BE1027EA19A3}\Shell\Open\command\: “%SystemRoot%\explorer.exe H:\”
HKLM\Software\Classes\CLSID\{A0AB8231-8E73-410D-8D1C-BE1027EA19A3}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{A23CB8EB-C9C4-475D-88C0-CC51933F2D9E}\Shell\Open\command\: “%SystemRoot%\explorer.exe Z:\”
HKLM\Software\Classes\CLSID\{A23CB8EB-C9C4-475D-88C0-CC51933F2D9E}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{AF1859F5-DF30-4EEC-9404-E5F32FD260B7}\Shell\Open\command\: “%SystemRoot%\explorer.exe P:\”
HKLM\Software\Classes\CLSID\{AF1859F5-DF30-4EEC-9404-E5F32FD260B7}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}\InprocServer32\: “%Program Files%\360\360Safe\safemon\safemon.dll”
HKLM\Software\Classes\CLSID\{C0B3184D-90C8-4F4D-B19A-42B6C659378B}\Shell\Open\command\: “%SystemRoot%\explorer.exe J:\”
HKLM\Software\Classes\CLSID\{C0B3184D-90C8-4F4D-B19A-42B6C659378B}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{C9A94B6A-60FB-4A19-8BA3-4A2068F1026D}\Shell\Open\command\: “%SystemRoot%\explorer.exe G:\”
HKLM\Software\Classes\CLSID\{C9A94B6A-60FB-4A19-8BA3-4A2068F1026D}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{CC00F81D-5262-450A-B1FA-D6BEE3406263}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}\Shell\Open\Command\: “%Program Files%\IQIYI Video\LStyle\QyClient.exe web_startup_tray”
HKLM\Software\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}\InProcServer32\: “shdocvw.dll”
HKLM\Software\Classes\CLSID\{D1B878E7-5528-4BAE-8CA0-41567697EF90}\InprocServer32\: “%Program Files%\360\360Safe\safemon\safemon.dll”
HKLM\Software\Classes\CLSID\{D1FD8167-E560-4B08-9F4E-CA89F979BD84}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{D8A9DF39-075A-4C8C-B48B-8121C37FFDF0}\Shell\Open\command\: “%SystemRoot%\explorer.exe S:\”
HKLM\Software\Classes\CLSID\{D8A9DF39-075A-4C8C-B48B-8121C37FFDF0}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{DEEEC48D-1053-44C5-A26F-8CC6550BD138}\InprocServer32\: “%Program Files%\360\360Safe\Utils\npaxlogin.dll”
HKLM\Software\Classes\CLSID\{E431A037-AE60-4D57-99D7-B402223AE8A0}\Shell\Open\command\: “%SystemRoot%\explorer.exe Y:\”
HKLM\Software\Classes\CLSID\{E431A037-AE60-4D57-99D7-B402223AE8A0}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{E715FE74-087F-4F4C-BB0A-0245C8A897E2}\Shell\Open\command\: “%SystemRoot%\explorer.exe L:\”
HKLM\Software\Classes\CLSID\{E715FE74-087F-4F4C-BB0A-0245C8A897E2}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{EE3F69E2-3085-4C46-B050-A45F008827D6}\Shell\Open\command\: “%SystemRoot%\explorer.exe U:\”
HKLM\Software\Classes\CLSID\{EE3F69E2-3085-4C46-B050-A45F008827D6}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{EEE8C32E-C785-4B1F-A33B-FCD6942418BD}\Shell\Open\command\: “%SystemRoot%\explorer.exe D:\”
HKLM\Software\Classes\CLSID\{EEE8C32E-C785-4B1F-A33B-FCD6942418BD}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{F6BC477E-2646-459A-9D6A-75902C24430D}\Shell\Open\command\: “%SystemRoot%\explorer.exe F:\”
HKLM\Software\Classes\CLSID\{F6BC477E-2646-459A-9D6A-75902C24430D}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{FA1B1706-967F-4834-8405-2343A38E4086}\Shell\Open\command\: “%SystemRoot%\explorer.exe K:\”
HKLM\Software\Classes\CLSID\{FA1B1706-967F-4834-8405-2343A38E4086}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\Accelerator\IEHelper.dll”
HKLM\Software\Classes\CLSID\{FD6A8A28-DB7F-478C-A358-C989EFE02096}\Shell\Open\command\: “%SystemRoot%\explorer.exe E:\”
HKLM\Software\Classes\CLSID\{FD6A8A28-DB7F-478C-A358-C989EFE02096}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\bdhd\shell\open\command\: “"C:\Program Files\IQIYI Video\LStyle\QyClient.exe" -ppstream "%1"” (decoded from the raw byte dump; bytes after the terminating NUL are non-printable)
HKLM\Software\Classes\magnet2\shell\open\command\: “"C:\Program Files\IQIYI Video\LStyle\QyClient.exe" -ppstream "%1"” (decoded from raw bytes)
HKLM\Software\Classes\pps\shell\open\command\: “"C:\Program Files\IQIYI Video\LStyle\QyClient.exe" -ppstream "%1"” (decoded from raw bytes)
HKLM\Software\Classes\ppsrun\shell\open\command\: “"C:\Program Files\IQIYI Video\LStyle\QyClient.exe" -ppstream "%1"” (decoded from raw bytes)
HKLM\Software\Classes\ppstream\shell\open\command\: “"C:\Program Files\IQIYI Video\LStyle\QyClient.exe" -ppstream "%1"” (decoded from raw bytes)
HKLM\Software\Classes\pps_pfv\shell\open\command\: “"%Program Files%\IQIYI Video\LStyle\QyClient.exe" -runfrom openfile "%1"”
HKLM\Software\Classes\pps_qsv\shell\open\command\: “"%Program Files%\IQIYI Video\LStyle\QyClient.exe" -runfrom openfile "%1"”
HKLM\Software\Classes\qips\shell\open\command\: “"C:\Program Files\IQIYI Video\LStyle\QyClient.exe" -ppstream "%1"” (decoded from raw bytes)
HKLM\Software\Classes\qisu\shell\open\command\: “"C:\Program Files\IQIYI Video\LStyle\QyClient.exe" -ppstream "%1"” (decoded from raw bytes)
HKLM\Software\Classes\qygameclient\shell\open\command\: “"%Program Files%\IQIYI Video\Common\QyGameClient\QyGameClient.exe" -qygameclient "%1"”
HKLM\Software\Classes\softmanager360\Shell\Open\Command\: “"%Program Files%\360\360Safe\SoftMgr\SoftManagerProxy.exe" "%1"”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\360Safetray: “”%Program Files%\360\360Safe\safemon\360Tray.exe” /start”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ludashi_is1\DisplayName: “???”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ludashi_is1\UninstallString: “%Program Files%\LuDaShi\uninst.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MaohaAP\DisplayName: “????WiFi”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MaohaAP\UninstallString: “%Program Files%\Maoha\MaohaAP\Uninstall.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PPStream\DisplayName: “???PPS”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PPStream\UninstallString: “%Program Files%\IQIYI Video\LStyle\QyUninst.exe”
HKLM\Software\360Safe\360krnlsvc\softmgrs\ImagePath: “%Program Files%\360\360Safe\SoftMgr\360SoftMgrS.dll”
HKLM\Software\360Safe\360krnlsvc\optext\ImagePath: “%Program Files%\360\360Safe\softmgr\360OptExt.dll”
HKLM\Software\360Safe\KeepAlive\360PayInsure\ImagePath: “%Program Files%\360\360Safe\safemon\SomProxy.dll”
HKLM\Software\360Safe\KeepAlive\360GenRoad\ImagePath: “%Program Files%\360\360Safe\Utils\360GenRoadMsg.dll”
HKLM\Software\360Safe\KeepAlive\360Ask\ImagePath: “%Program Files%\360\360Safe\netmon\360AskMsg.dll”
HKLM\Software\360Safe\tpi\RouterSafe\ImagePath: “safemon\RouterSafeTpi.tpi”
HKLM\Software\360Safe\tpi\AndMon\ImagePath: “safemon\AndMon.tpi”
HKLM\Software\360Safe\tpi\360TaskBar\ImagePath: “safemon\360TaskBar.tpi”
HKLM\Software\360Safe\tpi\360softmgrlite\ImagePath: “safemon\SMLStarter.tpi”
HKLM\Software\360Safe\tpi\360SafeCamera\ImagePath: “safemon\360SafeCamera.tpi”
HKLM\Software\360Safe\tpi\360dfsopt\ImagePath: “safemon\360dfsopt.tpi”
HKLM\Software\360Safe\tpi\360bsmon\ImagePath: “safemon\360bsmon.tpi”
HKLM\Software\QiYi\QiSu\DisplayName: “???4.0”
HKLM\System\CurrentControlSet\Services\360AntiHacker\ImagePath: “System32\Drivers\360AntiHacker.sys”
HKLM\System\CurrentControlSet\Services\360AntiHacker\DisplayName: “360Safe Anti Hacker Service”
HKLM\System\CurrentControlSet\Services\360Box\ImagePath: “system32\DRIVERS\360Box.sys”
HKLM\System\CurrentControlSet\Services\360Box\DisplayName: “360Box mini-filter driver”
HKLM\System\CurrentControlSet\Services\360Camera\ImagePath: “System32\Drivers\360Camera.sys”
HKLM\System\CurrentControlSet\Services\360Camera\DisplayName: “360Safe Camera Filter Service”
HKLM\System\CurrentControlSet\Services\360netmon\ImagePath: “\??\%SysDir%\drivers\360netmon.sys”
HKLM\System\CurrentControlSet\Services\360netmon\DisplayName: “360netmon”
HKLM\System\CurrentControlSet\Services\360reskit\ImagePath: “\??\%SysDir%\drivers\360reskit.sys”
HKLM\System\CurrentControlSet\Services\360reskit\DisplayName: “360reskit driver”
HKLM\System\CurrentControlSet\Services\360SelfProtection\ImagePath: “system32\drivers\360SelfProtection.sys”
HKLM\System\CurrentControlSet\Services\360SelfProtection\DisplayName: “360SelfProtection”
HKLM\System\CurrentControlSet\Services\BAPIDRV\ImagePath: “system32\DRIVERS\BAPIDRV.sys”
HKLM\System\CurrentControlSet\Services\BAPIDRV\DisplayName: “BAPIDRV”
HKLM\System\CurrentControlSet\Services\Bonjour Service\ImagePath: “%Program Files%\IQIYI Video\LStyle\mDNSResponder.exe”
HKLM\System\CurrentControlSet\Services\Bonjour Service\DisplayName: “Bonjour Service”
HKLM\System\CurrentControlSet\Services\ComputerZ\ImagePath: “\??\%Program Files%\LuDaShi\ComputerZ.sys”
HKLM\System\CurrentControlSet\Services\ComputerZ\DisplayName: “ComputerZ”
HKLM\System\CurrentControlSet\Services\ComputerZLock\ImagePath: “\??\%Program Files%\LuDaShi\ComputerZLock.sys”
HKLM\System\CurrentControlSet\Services\ComputerZLock\DisplayName: “ComputerZLock”
HKLM\System\CurrentControlSet\Services\Dependes\ImagePath: “%Program Files%\JisuCopy\Dependes.exe”
HKLM\System\CurrentControlSet\Services\Dependes\DisplayName: “Dependes”
HKLM\System\CurrentControlSet\Services\EfiMon\ImagePath: “System32\Drivers\Efimon.sys”
HKLM\System\CurrentControlSet\Services\EfiMon\DisplayName: “EfiSystemMon”
HKLM\System\CurrentControlSet\Services\HookPort\ImagePath: “System32\Drivers\Hookport.sys”
HKLM\System\CurrentControlSet\Services\HookPort\DisplayName: “HookPort”
HKLM\System\CurrentControlSet\Services\MaohaWifiNetPro\ImagePath: “\??\%Program Files%\Maoha\MaohaAP\MaoHaWiFiNet.sys”
HKLM\System\CurrentControlSet\Services\MaohaWifiNetPro\DisplayName: “MaohaWifiNetPro”
HKLM\System\CurrentControlSet\Services\MaohaWifiSvr\ImagePath: “%Program Files%\Maoha\MaohaAP\MaohaWifiSvr.exe”
HKLM\System\CurrentControlSet\Services\MaohaWifiSvr\DisplayName: “MaohaWiFiService”
HKLM\System\CurrentControlSet\Services\PowerSaveZ\ImagePath: “\??\%Program Files%\LuDaShi\PowerSaveZ.sys”
HKLM\System\CurrentControlSet\Services\PowerSaveZ\DisplayName: “PowerSaveZ”
HKLM\System\CurrentControlSet\Services\QiyiService\ImagePath: “%Program Files%\IQIYI Video\LStyle\QiyiService.exe”
HKLM\System\CurrentControlSet\Services\QiyiService\DisplayName: “IQIYI Video Platform Service”
HKLM\System\CurrentControlSet\Services\qutmdserv\ImagePath: “\??\%SysDir%\drivers\qutmdrv.sys”
HKLM\System\CurrentControlSet\Services\qutmdserv\DisplayName: “Quantum DeepScanner Servers”
HKLM\System\CurrentControlSet\Services\qutmipc\ImagePath: “\??\%SysDir%\drivers\qutmipc.sys”
HKLM\System\CurrentControlSet\Services\qutmipc\DisplayName: “qutmipc”
HKLM\System\CurrentControlSet\Services\ZhuDongFangYu\DisplayName: “????”
HKLM\System\CurrentControlSet\Services\ZhuDongFangYu\ImagePath: “”%Program Files%\360\360Safe\deepscan\zhudongfangyu.exe””
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HCDNClient: “”%Program Files%\IQIYI Video\LStyle\QyKernel.exe” -shell_start”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ComputerZ-Tray: “”%Program Files%\LuDaShi\ComputerZTray.exe” /autorun”
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B9726122-2DA5-4040-8EA7-65326E02CE7E}\DisplayName: “anote (v1.37) ”
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B9726122-2DA5-4040-8EA7-65326E02CE7E}\UninstallString: “”%Program Files%\anote\uninstall.exe” _?=%Program Files%\anote”
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer\UninstallString: “%Local Appdata%\Unity\WebPlayer\Uninstall.exe /CurrentUser”
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer\DisplayName: “Unity Web Player”
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\kaola\DisplayName: “JisuCopy”
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\kaola\UninstallString: “%Program Files%\JisuCopy\uninst.exe”
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: “"%Program Files%\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: “"%Program Files%\Google\Chrome\Application\49.0.2623.112\Installer\setup.exe" --uninstall --multi-install --chrome --system-level”

Detected by UnHackMe:

TERPY.EXE
Default location: %PROGRAM FILES%\JISUCOPY\TERPY.EXE

Dropper hash(md5): ad10cbc6d2d4c7ef4619c8ed1da43aa8
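
The listing above mixes this sample's own persistence with entries from other software on the same machine, and several command values were dumped as raw hex bytes. The Python below is an added example, not code from the original page or from UnHackMe: it parses lines in the page's own "key\value: data" layout, decodes the byte dumps up to their NUL terminator, attributes each entry to the vendor directory its data points at, and compares a file's MD5 against the dropper hash above. The four input lines are copied from the listing; the function and constant names are mine.

```python
import hashlib
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample input: four lines copied verbatim from the listing above,
# in the page's "<key>\<value>: <data>" layout.  String data sits between the
# page's typographic quotes; REG_BINARY data is a run of space-separated hex bytes.
SAMPLE_LINES = [
    r"HKLM\Software\Classes\CLSID\{7FFC32EE-E81A-4E1C-8C98-E2E6F94F0A92}\InProcServer32\: “%Program Files%\JisuCopy\TunBase.dll”",
    r"HKLM\System\CurrentControlSet\Services\Dependes\ImagePath: “%Program Files%\JisuCopy\Dependes.exe”",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\360Safetray: “”%Program Files%\360\360Safe\safemon\360Tray.exe” /start”",
    r"HKLM\Software\Classes\pps\shell\open\command\: 22 43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73 5C 49 51 49 59 49 20 56 69 64 65 6F 5C 4C 53 74 79 6C 65 5C 51 79 43 6C 69 65 6E 74 2E 65 78 65 22 20 2D 70 70 73 74 72 65 61 6D 20 22 25 31 22 00 3F 3F 3F 3F 18 00 48 00",
]

DROPPER_MD5 = "ad10cbc6d2d4c7ef4619c8ed1da43aa8"   # TERPY.EXE hash from the page
SAMPLE_DIR = "\\JisuCopy\\"                        # install directory of this sample

HEX_RUN = re.compile(r"^(?:[0-9A-Fa-f]{2} )+[0-9A-Fa-f]{2}$")
QUOTES = str.maketrans({"“": '"', "”": '"', "″": '"'})  # page quotes -> ASCII


class Entry(NamedTuple):
    key: str     # registry key path
    value: str   # value name; "(Default)" for the key's default value
    data: str    # decoded data with ASCII quotes


def decode_binary(hex_run: str) -> str:
    """Decode a REG_BINARY dump up to its first NUL.  Non-ASCII bytes were
    already replaced by '?' (0x3F) in the dump, so latin-1 is lossless here."""
    raw = bytes.fromhex(hex_run.replace(" ", ""))
    return raw.split(b"\x00", 1)[0].decode("latin-1")


def parse_entry(line: str) -> Entry:
    """Split one listing line into key, value name and decoded data."""
    key_part, data = line.split(": ", 1)
    if key_part.endswith("\\"):             # trailing backslash = default value
        key, value = key_part[:-1], "(Default)"
    else:
        key, _, value = key_part.rpartition("\\")
    if HEX_RUN.match(data):
        data = decode_binary(data)
    else:
        data = data.translate(QUOTES)
        # The page wraps every string value in one extra pair of quotes.
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = data[1:-1]
    return Entry(key, value, data)


def product_of(entry: Entry) -> str:
    """Vendor directory under Program Files that the data points at, else 'system'."""
    m = (re.search(r"%Program Files%\\([^\\]+)\\", entry.data)
         or re.search(r"[A-Za-z]:\\Program Files\\([^\\]+)\\", entry.data))
    return m.group(1) if m else "system"


def attribute(lines):
    """Count entries per vendor directory, separating the sample's own
    persistence from the bundled software recorded alongside it."""
    return Counter(product_of(parse_entry(line)) for line in lines)


def sample_entries(lines):
    """Entries whose data references the sample's install directory."""
    return [e for e in map(parse_entry, lines) if SAMPLE_DIR.lower() in e.data.lower()]


def is_dropper(blob: bytes) -> bool:
    """True when the file contents hash to the dropper MD5 from the page."""
    return hashlib.md5(blob).hexdigest() == DROPPER_MD5


if __name__ == "__main__":
    for e in map(parse_entry, SAMPLE_LINES):
        print(f"{product_of(e):12} {e.key}\\{e.value} = {e.data}")
    print(attribute(SAMPLE_LINES))
    print("sample persistence:", [e.key for e in sample_entries(SAMPLE_LINES)])
```

Running it on the four sample lines attributes two entries to JisuCopy (the TunBase.dll COM registration and the Dependes service), one to 360 and one to IQIYI Video, and prints the pps handler decoded to "C:\Program Files\IQIYI Video\LStyle\QyClient.exe" -ppstream "%1". To apply it to a real dump, feed it the full listing and pass the bytes of the file at %Program Files%\JisuCopy\Terpy.exe to is_dropper.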

Written by Malware Hunter.
