Removed: C:\WINDOWS\system32\drivers\winyyy.sys C:\WINDOWS\lsass.exe C:\WINDOWS\winhost.exe (trojan Tesefo)

Dmitry Sokolov recommends UnHackMe!


UnHackMe quickly removes pop-up ads, search redirecting, browser hijack, spyware, keyloggers, PC slowdown issues. Download Now!

Download step by step PDF manual

Join us on Facebook
Click to Download
Solved! The issue has been fixed!
5 Stars (5 / 5)


Share This:

Malware: ie2.exe

Removed: C:\WINDOWS\system32\drivers\winyyy.sys
C:\WINDOWS\lsass.exe
C:\WINDOWS\winhost.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: WinMSS
Author: Microsoft Corporation
Related File: C:\WINDOWS\winhost.exe
Type: Auto Services


Your Vote?
0 0

Item Name: winyyy.sys
Author: Windows (R) 2000 DDK provider
Related File: C:\WINDOWS\SYSTEM32\DRIVERS\WINYYY.SYS
Type: Drivers

Item Name: lsass.exe
Author: Microsoft Corporation
Related File: C:\WINDOWS\LSASS.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\InfPath
Value: “oem8.inf”

Registry: HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\Service
Value: “MyProt”

Registry: HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\Service
Value: “WinMSS”

Registry: HKLM\System\CurrentControlSet\Services\MyProt\ImagePath
Value: “system32\DRIVERS\winyyy.sys”

Registry: HKLM\System\CurrentControlSet\Services\MyProt\DisplayName
Value: “Network Monitor Protocol Driver”

Registry: HKLM\System\CurrentControlSet\Services\WinMSS\ImagePath
Value: “C:\WINDOWS\winhost.exe”

Registry: HKLM\System\CurrentControlSet\Services\WinMSS\DisplayName
Value: “Windows Management System Server”

Files:
C:\WINDOWS\inf\oem8.inf
C:\WINDOWS\inf\oem8.PNF
C:\WINDOWS\system32\drivers\winyyy.sys
C:\WINDOWS\lsass.exe
C:\WINDOWS\win.txt
C:\WINDOWS\winhost.exe

—————————————————————————————————————————-
Classification:

Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.07.08 Dropped:Trojan.Generic.3992452
Kaspersky 7.0.0.125 2010.07.08 -
Microsoft 1.5902 2010.07.08 TrojanDownloader:Win32/Tesefo.A
NOD32 5263 2010.07.08 Win32/TrojanDownloader.Agent.PZT

—————————————————————————————————————————-
Additional information
File size: 123904 bytes
MD5 : d5e5e0be1bb6b0f212dea0dd22c8b784
SHA1 : bb8b644cbd4a27e906ad0259651c2bbd42ca641a
SHA256: b784fc881fb56dceeaad3afbad770a3c76eaa1acc389877be514af02413c06e7
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:12
———————————-
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi\Interfaces
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000
HKLM\System\CurrentControlSet\Services\MyProt
HKLM\System\CurrentControlSet\Services\MyProt\Linkage
HKLM\System\CurrentControlSet\Services\MyProt\Security
HKLM\System\CurrentControlSet\Services\WinMSS
HKLM\System\CurrentControlSet\Services\WinMSS\Security

———————————-
Values added:44
———————————-
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi\Interfaces\UpperRange: “noupper”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi\Interfaces\LowerRange: “ndis5,ndis4,ndis5_prot”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi\Service: “MyProt”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Ndi\HelpText: “Netmon Ey?Y°u?¶»nCy¶??I?oOE?i Netmon OA»§?cA?»nE?A??OIa??IoAcµAEy?Y°u??”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Characteristics: 0×00000000
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\InfPath: “oem8.inf”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\InfSection: “Install”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\Description: “Network Monitor Protocol Driver”
HKLM\System\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{72B98427-35F6-41F5-99FF-B05A1CEBCAD6}\ComponentId: “MS_NDISPROT”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\Service: “MyProt”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\Legacy: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\DeviceDesc: “Network Monitor Protocol Driver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\0000\Capabilities: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYPROT\NextInstance: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\Service: “WinMSS”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\Legacy: 0×00000001
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\ConfigFlags: 0×00000000
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\Class: “LegacyDriver”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\0000\DeviceDesc: “Windows Management System Server”
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINMSS\NextInstance: 0×00000001
HKLM\System\CurrentControlSet\Services\MyProt\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\System\CurrentControlSet\Services\MyProt\Linkage\Bind: ‘\Device\{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
HKLM\System\CurrentControlSet\Services\MyProt\Linkage\Route: ‘”{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}”‘
HKLM\System\CurrentControlSet\Services\MyProt\Linkage\Export: ‘\Device\MyProt_{0445ABC5-DCB0-4E8B-A5BE-DA7B973EBA30}’
HKLM\System\CurrentControlSet\Services\MyProt\Type: 0×00000001
HKLM\System\CurrentControlSet\Services\MyProt\Start: 0×00000003
HKLM\System\CurrentControlSet\Services\MyProt\ErrorControl: 0×00000001
HKLM\System\CurrentControlSet\Services\MyProt\Tag: 0x0000000E
HKLM\System\CurrentControlSet\Services\MyProt\ImagePath: “system32\DRIVERS\winyyy.sys”
HKLM\System\CurrentControlSet\Services\MyProt\DisplayName: “Network Monitor Protocol Driver”
HKLM\System\CurrentControlSet\Services\MyProt\Group: “NDIS”
HKLM\System\CurrentControlSet\Services\MyProt\Description: “Network Monitor Protocol Driver”
HKLM\System\CurrentControlSet\Services\WinMSS\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\System\CurrentControlSet\Services\WinMSS\Type: 0×00000110
HKLM\System\CurrentControlSet\Services\WinMSS\Start: 0×00000002
HKLM\System\CurrentControlSet\Services\WinMSS\ErrorControl: 0×00000000
HKLM\System\CurrentControlSet\Services\WinMSS\ImagePath: “C:\WINDOWS\winhost.exe”
HKLM\System\CurrentControlSet\Services\WinMSS\DisplayName: “Windows Management System Server”
HKLM\System\CurrentControlSet\Services\WinMSS\ObjectName: “LocalSystem”
HKLM\System\CurrentControlSet\Services\WinMSS\Description: “?UAi»uOUWindowsCy¶??I?o?e??µAAaOA?I?u?U??Ec?u?uOA?E·?In?¬IOE?OAAµ?E·?InµA?aEu·?In?«I?·??o¶???”

———————————-
Values modified:4
———————————-
(-) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage\UpperBind: ‘Ndisuio RasPppoe Tcpip’
(+) HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage\UpperBind: ‘MyProt Ndisuio RasPppoe Tcpip’
(-) HKLM\System\CurrentControlSet\Control\GroupOrderList\Ndis: 0C 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00
(+) HKLM\System\CurrentControlSet\Control\GroupOrderList\Ndis: 0E 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00 0D 00 00 00 0E 00 00 00
(-) HKLM\System\CurrentControlSet\Control\Network\Config: 00 00 00 00 1C 00 00 00 60 23 3C EE 96 01 85 43 B9 B9 1D CE 00 74 11 10 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 77 00 7A 00 63 00 73 00 76 00 63 00 00 00 00 00 78 4F 32 99 D6 A1 3A 47 9A 72 BB 24 92 1C 55 26 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 73 00 74 00 65 00 65 00 6C 00 68 00 65 00 61 00 64 00 00 00 00 00 69 08 89 16 10 AB ED 42 90 B5 52 AE 60 06 61 74 04 00 00 00 38 00 00 00 6D 00 73 00 5F 00 72 00 61 00 73 00 73 00 72 00 76 00 00 00 00 00 A6 FF 73 17 C6 1B 86 4A B7 1F F1 D4 19 69 AD 22 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 72 00 61 00 73 00 6D 00 61 00 6E 00 00 00 00 00 C2 C1 8C 05 63 F3 8D 44 BA DE 98 BE 85 44 2A 9B 04 00 00 00 38 00 00 00 6D 00 73 00 5F 00 72 00 61 00 73 00 63 00 6C 00 69 00 00 00 00 00 49 76 C7 49 5D CA D9 45 A5 EB 02 33 64 48 BB 12 04 00 00 00 00 00 00 00 6D 00 73 00 5F 00 73 00 65 00 72 00 76 00 65 00 72 00 00 00 00 00 8A E5 97 A1 7C 28 5F 4E 92 25 46 8A 82 AC 24 72 04 00 00 00 10 04 00 00 6D 00 73 00 5F 00 70 00 73 00 63 00 68 00 65 00 64 00 00 00 00 00 F0 2C 7B 0C 72 E0 5E 4C BB 10 BA C1 1D 96 63 52 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 67 00 70 00 63 00 00 00 00 00 09 A6 4F BD 8C 3A 9C 4B BC F8 BA 07 82 89 5F B7 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 61 00 6C 00 67 00 00 00 00 00 87 30 52 5C CE 94 F4 4D 9F 13 B3 7C D1 F0 D4 64 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 6E 00 65 00 74 00 62 00 69 00 6F 00 73 00 00 00 00 00 8A 58 63 07 7D 58 7E 43 99 B3 71 33 DF 89 67 79 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 72 00 73 00 76 00 70 00 00 00 00 00 63 C0 F0 F9 E4 C9 18 42 A0 BA 27 FD 84 BD 1E 42 03 00 00 00 80 00 00 00 6D 00 73 00 5F 00 6D 00 73 00 63 00 6C 00 69 00 65 00 6E 00 74 00 00 00 00 00 CA 4B 9B 1D 1C DF 2B 4A 86 62 AF ED C3 BA 86 93 03 00 00 00 08 00 00 00 6D 00 73 00 5F 00 77 00 65 00 62 00 63 00 6C 00 69 00 65 00 6E 00 74 00 00 00 00 00 E9 58 59 ED F7 A8 6B 43 A7 6A 12 5E C8 64 B3 3B 02 00 00 00 28 00 00 00 6D 00 73 00 5F 00 70 00 70 00 70 00 6F 00 65 00 00 00 00 00 A4 84 3F E4 CD 69 CF 49 A1 8C B6 41 64 6C 00 03 02 00 00 00 38 00 00 00 6D 00 73 00 5F 00 70 00 70 00 74 00 70 00 00 00 00 00 04 60 55 DD 3D 17 C8 48 A7 E6 60 D3 87 2A DB 18 02 00 00 00 38 00 00 00 6D 00 73 00 5F 00 6C 00 32 00 74 00 70 00 00 00 00 00 EA 9A DA CC 43 E6 95 45 A0 3F 7E C7 7C 52 7B 2F 02 00 00 00 28 00 00 00 6D 00 73 00 5F 00 6E 00 64 00 69 00 73 00 77 00 61 00 6E 00 00 00 00 00 0F 80 F2 DC 31 89 BB 40 A8 34 C0 2E 21 81 85 B7 02 00 00 00 28 00 00 00 6D 00 73 00 5F 00 6E 00 64 00 69 00 73 00 75 00 69 00 6F 00 00 00 00 00 F3 94 5F 5D 0C 1C 18 4B BF FD 4C 6C D6 61 C0 01 02 00 00 00 38 00 00 00 6D 00 73 00 5F 00 6E 00 65 00 74 00 62 00 74 00 5F 00 73 00 6D 00 62 00 00 00 00 00 B8 6F 0D 4C 7C 30 DE 4D 9E 15 85 F1 47 DA 73 B7 02 00 00 00 28 00 00 00 6D 00 73 00 5F 00 6E 00 65 00 74 00 62 00 74 00 00 00 00 00 3C 66 C6 46 A4 6E CA 4E 8C D7 70 AC AD 0A 9D 8F 02 00 00 00 A0 00 00 00 6D 00 73 00 5F 00 74 00 63 00 70 00 69 00 70 00 00 00 00 00 C5 AB 45 04 B0 DC 8B 4E A5 BE DA 7B 97 3E BA 30 00 00 00 00 84 00 00 00 70 00 63 00 69 00 5C 00 76 00 65 00 6E 00 5F 00 31 00 30 00 32 00 32 00 26 00 64 00 65 00 76 00 5F 00 32 00 30 00 30 00 30 00 26 00 73 00 75 00 62 00 73 00 79 00 73 00 5F 00 32 00 30 00 30 00 30 00 31 00 30 00 32 00 32 00 00 00 50 00 43 00 49 00 5C 00 56 00 45 00 4E 00 5F 00 31 00 30 00 32 00 32 00 26 00 44 00 45 00 56 00 5F 00 32 00 30 00 30 00 30 00 26 00 53 00 55 00 42 00 53 00 59 00 53 00 5F 00 32 00 30 00 30 00 30 00 31 00 30 00 32 00 32 00 26 00 52 00 45 00 56 00 5F 00 31 00 30 00 5C 00 34 00 26 00 34 00 37 00 42 00 37 00 33 00 34 00 31 00 26 00 30 00 26 00 31 00 30 00 38 00 38 00 00 00 6E 2E 95 05 EA 4A 64 49 A8 20 43 E1 A9 47 35 E0 00 00 00 00 29 00 00 00 6D 00 73 00 5F 00 6E 00 64 00 69 00 73 00 77 00 61 00 6E 00 69 00 70 00 00 00 52 00 4F 00 4F 00 54 00 5C 00 4D 00 53 00 5F 00 4E 00 44 00 49 00 53 00 57 00 41 00 4E 00 49 00 50 00 5C 00 30 00 30 00 30 00 30 00 00 00 A1 C0 69 79 7B 53 4D 43 AB 1B 3E C8 AA 3F 72 29 00 00 00 00 29 00 00 00 6D 00 73 00 5F 00 70 00 74 00 69 00 6D 00 69 00 6E 00 69 00 70 00 6F 00 72 00 74 00 00 00 52 00 4F 00 4F 00 54 00 5C 00 4D 00 53 00 5F 00 50 00 54 00 49 00 4D 00 49 00 4E 00 49 00 50 00 4F 00 52 00 54 00 5C 00 30 00 30 00 30 00 30 00 00 00 8B AD B9 88 BB DF 2B 4E 86 F1 18 A3 D9 4F 1F 03 00 00 00 00 29 00 00 00 6D 00 73 00 5F 00 70 00 70 00 70 00 6F 00 65 00 6D 00 69 00 6E 00 69 00 70 00 6F 00 72 00 74 00 00 00 52 00 4F 00 4F 00 54 00 5C 00 4D 00 53 00 5F 00 50 00 50 00 50 00 4F 00 45 00 4D 00 49 00 4E 00 49 00 50 00 4F 00 52 00 54 00 5C 00 30 00 30 00 30 00 30 00 00 00 3D 45 35 35 1A E9 60 40 92 F3 BC 5B F7 EC D3 A5 00 00 00 00 29 00 00 00 6D 00 73 00 5F 00 70 00 70 00 74 00 70 00 6D 00 69 00 6E 00 69 00 70 00 6F 00 72 00 74 00 00 00 52 00 4F 00 4F 00 54 00 5C 00 4D 00 53 00 5F 00 50 00 50 00 54 00 50 00 4D 00 49 00 4E 00 49 00 50 00 4F 00 52 00 54 00 5C 00 30 00 30 00 30 00 30 00 00 00 D3 44 BE 41 11 F6 7E 40 B4 60 74 41 C0 8B 14 CE 00 00 00 00 29 00 00 00 6D 00 73 00 5F 00 6C 00 32 00 74 00 70 00 6D 00 69 00 6E 00 69 00 70 00 6F 00 72 00 74 00 00 00 52 00 4F 00 4F 00 54 00 5C 00 4D 00 53 00 5F 00 4C 00 32 00 54 00 50 00 4D 00 49 00 4E 00 49 00 50 00 4F 00 52 00 54 00 5C 00 30 00 30 00 30 00 30 00 00 00 EA 05 E8 2D 4F E3 D8 45 88 33 35 F2 78 9C 30 EA 00 00 00 00 2A 00 00 00 73 00 77 00 5C 00 7B 00 65 00 65 00 61 00 62 00 37 00 37 00 39 00 30 00 2D 00 63 00 35 00 31 00 34 00 2D 00 31 00 31 00 64 00 31 00 2D 00 62 00 34 00 32 00 62 00 2D 00 30 00 30 00 38 00 30 00 35 00 66 00 63 00 31 00 32 00 37 00 30 00 65 00 7D 00 00 00 53 00 57 00 5C 00 7B 00 45 00 45 00 41 00 42 00 37 00 37 00 39 00 30 00 2D 00 43 00 35 00 31 00 34 00 2D 00 31 00 31 00 44 00 31 00 2D 00 42 00 34 00 32 00 42 00 2D 00 30 00 30 00 38 00 30 00 35 00 46 00 43 00 31 00 32 00 37 00 30 00 45 00 7D 00 5C 00 41 00 53 00 59 00 4E 00 43 00 4D 00 41 00 43 00 00 00 00 00 00 00 11 00 00 00 06 00 00 00 15 00 00 00 06 00 00 00 16 00 00 00 05 00 00 00 12 00 00 00 05 00 00 00 13 00 00 00 09 00 00 00 13 00 00 00 0B 00 00 00 12 00 00 00 0B 00 00 00 13 00 00 00 11 00 00 00 15 00 00 00 0D 00 00 00 15 00 00 00 14 00 00 00 15 00 00 00 14 00 00 00 16 00 00 00 10 00 00 00 17 00 00 00 10 00 00 00 18 00 00 00 10 00 00 00 19 00 00 00 10 00 00 00 1A 00 00 00 10 00 00 00 1B 00 00 00 13 00 00 00 14 00 00 00 00 00 00 00 15 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 01 00 00 00 0B 00 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 01 00 00 00 14 00 00 00 00 00 00 00 0B 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 11 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 01 00 00 00 14 00 00 00 00 00 00 00 13 00 00 00 00 00 00 00 01 00 00 00 14 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
(+) HKLM\System\CurrentControlSet\Control\Network\Config: 00 00 00 00 1D 00 00 00 60 23 3C EE 96 01 85 43 B9 B9 1D CE 00 74 11 10 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 77 00 7A 00 63 00 73 00 76 00 63 00 00 00 00 00 78 4F 32 99 D6 A1 3A 47 9A 72 BB 24 92 1C 55 26 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 73 00 74 00 65 00 65 00 6C 00 68 00 65 00 61 00 64 00 00 00 00 00 69 08 89 16 10 AB ED 42 90 B5 52 AE 60 06 61 74 04 00 00 00 38 00 00 00 6D 00 73 00 5F 00 72 00 61 00 73 00 73 00 72 00 76 00 00 00 00 00 A6 FF 73 17 C6 1B 86 4A B7 1F F1 D4 19 69 AD 22 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 72 00 61 00 73 00 6D 00 61 00 6E 00 00 00 00 00 C2 C1 8C 05 63 F3 8D 44 BA DE 98 BE 85 44 2A 9B 04 00 00 00 38 00 00 00 6D 00 73 00 5F 00 72 00 61 00 73 00 63 00 6C 00 69 00 00 00 00 00 49 76 C7 49 5D CA D9 45 A5 EB 02 33 64 48 BB 12 04 00 00 00 00 00 00 00 6D 00 73 00 5F 00 73 00 65 00 72 00 76 00 65 00 72 00 00 00 00 00 8A E5 97 A1 7C 28 5F 4E 92 25 46 8A 82 AC 24 72 04 00 00 00 10 04 00 00 6D 00 73 00 5F 00 70 00 73 00 63 00 68 00 65 00 64 00 00 00 00 00 F0 2C 7B 0C 72 E0 5E 4C BB 10 BA C1 1D 96 63 52 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 67 00 70 00 63 00 00 00 00 00 09 A6 4F BD 8C 3A 9C 4B BC F8 BA 07 82 89 5F B7 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 61 00 6C 00 67 00 00 00 00 00 87 30 52 5C CE 94 F4 4D 9F 13 B3 7C D1 F0 D4 64 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 6E 00 65 00 74 00 62 00 69 00 6F 00 73 00 00 00 00 00 8A 58 63 07 7D 58 7E 43 99 B3 71 33 DF 89 67 79 04 00 00 00 28 00 00 00 6D 00 73 00 5F 00 72 00 73 00 76 00 70 00 00 00 00 00 63 C0 F0 F9 E4 C9 18 42 A0 BA 27 FD 84 BD 1E 42 03 00 00 00 80 00 00 00 6D 00 73 00 5F 00 6D 00 73 00 63 00 6C 00 69 00 65 00 6E 00 74 00 00 00 00 00 CA 4B 9B 1D 1C DF 2B 4A 86 62 AF ED C3 BA 86 93 03 00 00 00 08 00 00 00 6D 00 73 00 5F 00 77 00 65 00 62 00 63 00 6C 00 69 00 65 00 6E 00 74 00 00 00 00 00 27 84 B9 72 F6 35 F5 41 99 FF B0 5A 1C EB CA D6 02 00 00 00 00 00 00 00 6D 00 73 00 5F 00 6E 00 64 00 69 00 73 00 70 00 72 00 6F 00 74 00 00 00 00 00 E9 58 59 ED F7 A8 6B 43 A7 6A 12 5E C8 64 B3 3B 02 00 00 00 28 00 00 00 6D 00 73 00 5F 00 70 00 70 00 70 00 6F 00 65 00 00 00 00 00 A4 84 3F E4 CD 69 CF 49 A1 8C B6 41 64 6C 00 03 02 00 00 00 38 00 00 00 6D 00 73 00 5F 00 70 00 70 00 74 00 70 00 00 00 00 00 04 60 55 DD 3D 17 C8 48 A7 E6 60 D3 87 2A DB 18 02 00 00 00 38 00 00 00 6D 00 73 00 5F 00 6C 00 32 00 74 00 70 00 00 00 00 00 EA 9A DA CC 43 E6 95 45 A0 3F 7E C7 7C 52 7B 2F 02 00 00 00 28 00 00 00 6D 00 73 00 5F 00 6E 00 64 00 69 00 73 00 77 00 61 00 6E 00 00 00 00 00 0F 80 F2 DC 31 89 BB 40 A8 34 C0 2E 21 81 85 B7 02 00 00 00 28 00 00 00 6D 00 73 00 5F 00 6E 00 64 00 69 00 73 00 75 00 69 00 6F 00 00 00 00 00 F3 94 5F 5D 0C 1C 18 4B BF FD 4C 6C D6 61 C0 01 02 00 00 00 38 00 00 00 6D 00 73 00 5F 00 6E 00 65 00 74 00 62 00 74 00 5F 00 73 00 6D 00 62 00 00 00 00 00 B8 6F 0D 4C 7C 30 DE 4D 9E 15 85 F1 47 DA 73 B7 02 00 00 00 28 00 00 00 6D 00 73 00 5F 00 6E 00 65 00 74 00 62 00 74 00 00 00 00 00 3C 66 C6 46 A4 6E CA 4E 8C D7 70 AC AD 0A 9D 8F 02 00 00 00 A0 00 00 00 6D 00 73 00 5F 00 74 00 63 00 70 00 69 00 70 00 00 00 00 00 C5 AB 45 04 B0 DC 8B 4E A5 BE DA 7B 97 3E BA 30 00 00 00 00 84 00 00 00 70 00 63 00 69 00 5C 00 76 00 65 00 6E 00 5F 00 31 00 30 00 32 00 32 00 26 00 64 00 65 00 76 00 5F 00 32 00 30 00 30 00 30 00 26 00 73 00 75 00 62 00 73 00 79 00 73 00 5F 00 32 00 30 00 30 00 30 00 31 00 30 00 32 00 32 00 00 00 50 00 43 00 49 00 5C 00 56 00 45 00 4E 00 5F 00 31 00 30 00 32 00 32 00 26 00 44 00 45 00 56 00 5F 00 32 00 30 00 30 00 30 00 26 00 53 00 55 00 42 00 53 00 59 00 53 00 5F 00 32 00 30 00 30 00 30 00 31 00 30 00 32 00 32 00 26 00 52 00 45 00 56 00 5F 00 31 00 30 00 5C 00 34 00 26 00 34 00 37 00 42 00 37 00 33 00 34 00 31 00 26 00 30 00 26 00 31 00 30 00 38 00 38 00 00 00 6E 2E 95 05 EA 4A 64 49 A8 20 43 E1 A9 47 35 E0 00 00 00 00 29 00 00 00 6D 00 73 00 5F 00 6E 00 64 00 69 00 73 00 77 00 61 00 6E 00 69 00 70 00 00 00 52 00 4F 00 4F 00 54 00 5C 00 4D 00 53 00 5F 00 4E 00 44 00 49 00 53 00 57 00 41 00 4E 00 49 00 50 00 5C 00 30 00 30 00 30 00 30 00 00 00 A1 C0 69 79 7B 53 4D 43 AB 1B 3E C8 AA 3F 72 29 00 00 00 00 29 00 00 00 6D 00 73 00 5F 00 70 00 74 00 69 00 6D 00 69 00 6E 00 69 00 70 00 6F 00 72 00 74 00 00 00 52 00 4F 00 4F 00 54 00 5C 00 4D 00 53 00 5F 00 50 00 54 00 49 00 4D 00 49 00 4E 00 49 00 50 00 4F 00 52 00 54 00 5C 00 30 00 30 00 30 00 30 00 00 00 8B AD B9 88 BB DF 2B 4E 86 F1 18 A3 D9 4F 1F 03 00 00 00 00 29 00 00 00 6D 00 73 00 5F 00 70 00 70 00 70 00 6F 00 65 00 6D 00 69 00 6E 00 69 00 70 00 6F 00 72 00 74 00 00 00 52 00 4F 00 4F 00 54 00 5C 00 4D 00 53 00 5F 00 50 00 50 00 50 00 4F 00 45 00 4D 00 49 00 4E 00 49 00 50 00 4F 00 52 00 54 00 5C 00 30 00 30 00 30 00 30 00 00 00 3D 45 35 35 1A E9 60 40 92 F3 BC 5B F7 EC D3 A5 00 00 00 00 29 00 00 00 6D 00 73 00 5F 00 70 00 70 00 74 00 70 00 6D 00 69 00 6E 00 69 00 70 00 6F 00 72 00 74 00 00 00 52 00 4F 00 4F 00 54 00 5C 00 4D 00 53 00 5F 00 50 00 50 00 54 00 50 00 4D 00 49 00 4E 00 49 00 50 00 4F 00 52 00 54 00 5C 00 30 00 30 00 30 00 30 00 00 00 D3 44 BE 41 11 F6 7E 40 B4 60 74 41 C0 8B 14 CE 00 00 00 00 29 00 00 00 6D 00 73 00 5F 00 6C 00 32 00 74 00 70 00 6D 00 69 00 6E 00 69 00 70 00 6F 00 72 00 74 00 00 00 52 00 4F 00 4F 00 54 00 5C 00 4D 00 53 00 5F 00 4C 00 32 00 54 00 50 00 4D 00 49 00 4E 00 49 00 50 00 4F 00 52 00 54 00 5C 00 30 00 30 00 30 00 30 00 00 00 EA 05 E8 2D 4F E3 D8 45 88 33 35 F2 78 9C 30 EA 00 00 00 00 2A 00 00 00 73 00 77 00 5C 00 7B 00 65 00 65 00 61 00 62 00 37 00 37 00 39 00 30 00 2D 00 63 00 35 00 31 00 34 00 2D 00 31 00 31 00 64 00 31 00 2D 00 62 00 34 00 32 00 62 00 2D 00 30 00 30 00 38 00 30 00 35 00 66 00 63 00 31 00 32 00 37 00 30 00 65 00 7D 00 00 00 53 00 57 00 5C 00 7B 00 45 00 45 00 41 00 42 00 37 00 37 00 39 00 30 00 2D 00 43 00 35 00 31 00 34 00 2D 00 31 00 31 00 44 00 31 00 2D 00 42 00 34 00 32 00 42 00 2D 00 30 00 30 00 38 00 30 00 35 00 46 00 43 00 31 00 32 00 37 00 30 00 45 00 7D 00 5C 00 41 00 53 00 59 00 4E 00 43 00 4D 00 41 00 43 00 00 00 00 00 00 00 12 00 00 00 06 00 00 00 16 00 00 00 06 00 00 00 17 00 00 00 05 00 00 00 13 00 00 00 05 00 00 00 14 00 00 00 09 00 00 00 14 00 00 00 0B 00 00 00 13 00 00 00 0B 00 00 00 14 00 00 00 0D 00 00 00 16 00 00 00 12 00 00 00 16 00 00 00 0E 00 00 00 16 00 00 00 15 00 00 00 16 00 00 00 15 00 00 00 17 00 00 00 11 00 00 00 18 00 00 00 11 00 00 00 19 00 00 00 11 00 00 00 1A 00 00 00 11 00 00 00 1B 00 00 00 11 00 00 00 1C 00 00 00 14 00 00 00 15 00 00 00 00 00 00 00 16 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 11 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 01 00 00 00 0B 00 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 01 00 00 00 15 00 00 00 00 00 00 00 0B 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 12 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 13 00 00 00 00 00 00 00 01 00 00 00 15 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 01 00 00 00 15 00 00 00 00 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
(-) HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable: 0×00000001
(+) HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable: 0×00000000

———————————-
Files added:6
———————————-
C:\WINDOWS\inf\oem8.inf
C:\WINDOWS\inf\oem8.PNF
C:\WINDOWS\system32\drivers\winyyy.sys
C:\WINDOWS\lsass.exe
C:\WINDOWS\win.txt
C:\WINDOWS\winhost.exe

———————————-
Files [attributes?] modified:3
———————————-
C:\WINDOWS\inf\INFCACHE.1
C:\WINDOWS\setupapi.log
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp

———————————-
Total changes:69
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com

1. Download UnHackMe free 30-day version

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

2. Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed has installed the first Scan will start automatically

Review the detected threats

3. Carefully review the detected threats!

Click Remove button or False Positive.

What to do if you are unable to solve a problem?

UnHackMe Remote Assistant
  1. Open UnHackMe main screen.
  2. Click on a Remote Assistant button.
  3. Follow instructions on a screen.
  4. We will contact you and send a solution of your problem.
  5. Remote assistance is free during trial period.

Enjoy!

Dmitry Sokolov - author of UnHackMe