Removed: C:\WINDOWS\system32\drivers\winyyy.sys C:\WINDOWS\lsass.exe C:\WINDOWS\winhost.exe (trojan Tesefo)

Dmitry Sokolov recommends his nice removal tool: UnHackMe


UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!



Malware: ie2.exe

Removed: C:\WINDOWS\system32\drivers\winyyy.sys
C:\WINDOWS\lsass.exe
C:\WINDOWS\winhost.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: WinMSS
Author: Microsoft Corporation
Related File: C:\WINDOWS\winhost.exe
Type: Auto Services

Item Name: winyyy.sys
Author: Windows (R) 2000 DDK provider
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\WINYYY.SYS
Type: Drivers

Item Name: lsass.exe
Author: Microsoft Corporation
Related File: C:\WINDOWS\LSASS.EXE
Type: Running Processes

Removal Results: Success
Number of reboots: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\InfPath
Value: “oem8.inf”

Registry: HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\Service
Value: “MyProt”

Registry: HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\Service
Value: “WinMSS”

Registry: HKLM\System\CurrentControlSet\Services\MyProt\ImagePath
Value: “system32\DRIVERS\winyyy.sys”

Registry: HKLM\System\CurrentControlSet\Services\MyProt\DisplayName
Value: “Network Monitor Protocol Driver”

Registry: HKLM\System\CurrentControlSet\Services\WinMSS\ImagePath
Value: “C:\WINDOWS\winhost.exe”

Registry: HKLM\System\CurrentControlSet\Services\WinMSS\DisplayName
Value: “Windows Management System Server”

Files:
C:\WINDOWS\inf\oem8.inf
C:\WINDOWS\inf\oem8.PNF
C:\WINDOWS\system32\drivers\winyyy.sys
C:\WINDOWS\lsass.exe
C:\WINDOWS\win.txt
C:\WINDOWS\winhost.exe

—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.07.08    Dropped:Trojan.Generic.3992452
Kaspersky   7.0.0.125     2010.07.08    -
Microsoft   1.5902        2010.07.08    TrojanDownloader:Win32/Tesefo.A
NOD32       5263          2010.07.08    Win32/TrojanDownloader.Agent.PZT

—————————————————————————————————————————-
Additional information
File size: 123904 bytes
MD5: d5e5e0be1bb6b0f212dea0dd22c8b784
SHA1: bb8b644cbd4a27e906ad0259651c2bbd42ca641a
SHA256: b784fc881fb56dceeaad3afbad770a3c76eaa1acc389877be514af02413c06e7
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added: 12
———————————-
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi\Interfaces
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000
HKLM\System\CurrentControlSet\Services\MyProt
HKLM\System\CurrentControlSet\Services\MyProt\Linkage
HKLM\System\CurrentControlSet\Services\MyProt\Security
HKLM\System\CurrentControlSet\Services\WinMSS
HKLM\System\CurrentControlSet\Services\WinMSS\Security

———————————-
Values added: 44
———————————-
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi\Interfaces\UpperRange: “noupper”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi\Interfaces\LowerRange: “ndis5,ndis4,ndis5_prot”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi\Service: “MyProt”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi\HelpText: “Netmon Ey?Y°u?¶»nCy¶??I?oOE?i Netmon OA»§?cA?»nE?A??OIa??IoAcµAEy?Y°u??” (non-ASCII string, garbled in extraction)
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Characteristics: 0x00000000
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\InfPath: “oem8.inf”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\InfSection: “Install”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Description: “Network Monitor Protocol Driver”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\ComponentId: “MS_NDISPROT”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\Service: “MyProt”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\Legacy: 0x00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\ConfigFlags: 0x00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\DeviceDesc: “Network Monitor Protocol Driver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\Capabilities: 0x00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\NextInstance: 0x00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\Service: “WinMSS”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\Legacy: 0x00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\ConfigFlags: 0x00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\DeviceDesc: “Windows Management System Server”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\NextInstance: 0x00000001
HKLM\System\CurrentControlSet\Services\MyProt\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\System\CurrentControlSet\Services\MyProt\Linkage\Bind: “\Device\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}”
HKLM\System\CurrentControlSet\Services\MyProt\Linkage\Route: “"{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}"”
HKLM\System\CurrentControlSet\Services\MyProt\Linkage\Export: “\Device\MyProt_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}”
HKLM\System\CurrentControlSet\Services\MyProt\Type: 0x00000001
HKLM\System\CurrentControlSet\Services\MyProt\Start: 0x00000003
HKLM\System\CurrentControlSet\Services\MyProt\ErrorControl: 0x00000001
HKLM\System\CurrentControlSet\Services\MyProt\Tag: 0x0000000E
HKLM\System\CurrentControlSet\Services\MyProt\ImagePath: “system32\DRIVERS\winyyy.sys”
HKLM\System\CurrentControlSet\Services\MyProt\DisplayName: “Network Monitor Protocol Driver”
HKLM\System\CurrentControlSet\Services\MyProt\Group: “NDIS”
HKLM\System\CurrentControlSet\Services\MyProt\Description: “Network Monitor Protocol Driver”
HKLM\System\CurrentControlSet\Services\WinMSS\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\System\CurrentControlSet\Services\WinMSS\Type: 0x00000110
HKLM\System\CurrentControlSet\Services\WinMSS\Start: 0x00000002
HKLM\System\CurrentControlSet\Services\WinMSS\ErrorControl: 0x00000000
HKLM\System\CurrentControlSet\Services\WinMSS\ImagePath: “C:\WINDOWS\winhost.exe”
HKLM\System\CurrentControlSet\Services\WinMSS\DisplayName: “Windows Management System Server”
HKLM\System\CurrentControlSet\Services\WinMSS\ObjectName: “LocalSystem”
HKLM\System\CurrentControlSet\Services\WinMSS\Description: “?UAi»uOUWindowsCy¶??I?o?e??µAAaOA?I?u?U??Ec?u?uOA?E·?In?¬IOE?OAAµ?E·?InµA?aEu·?In?«I?·??o¶???” (non-ASCII string, garbled in extraction)

———————————-
Values modified: 4
———————————-
(-) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage\UpperBind: ‘Ndisuio RasPppoe Tcpip’
(+) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage\UpperBind: ‘MyProt Ndisuio RasPppoe Tcpip’
(-) HKLM\System\CurrentControlSet\Control\GroupOrderList\Ndis: 0C 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00
(+) HKLM\System\CurrentControlSet\Control\GroupOrderList\Ndis: 0E 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00 0D 00 00 00 0E 00 00 00
(-) HKLM\System\CurrentControlSet\Control\Network\Config: (binary value; long hex dump omitted)
(+) HKLM\System\CurrentControlSet\Control\Network\Config: (binary value; long hex dump omitted)
(-) HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable: 0x00000001
(+) HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable: 0x00000000

———————————-
Files added: 6
———————————-
C:\WINDOWS\inf\oem8.inf
C:\WINDOWS\inf\oem8.PNF
C:\WINDOWS\system32\drivers\winyyy.sys
C:\WINDOWS\lsass.exe
C:\WINDOWS\win.txt
C:\WINDOWS\winhost.exe

———————————-
Files [attributes?] modified: 3
———————————-
C:\WINDOWS\inf\INFCACHE.1
C:\WINDOWS\setupapi.log
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp

———————————-
Total changes: 69
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com

UnHackMe removes malware that is invisible to your antivirus!

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000 to Windows 8.1. UnHackMe uses a minimum of computer resources.

Testimonials:

Simon:
UnHackMe is a success where others have failed. We have used the software for some time. Thank you for a great product, which actually works, and we believe in the developers.

Bob:
UnHackMe is a real program, no spyware or phishing; it works great and is easy to use. Enjoy!
