GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-28 17:41:59
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542520K9SA00 rev.BBDOC33P 186,31GB
Running: gmer.exe; Driver: C:\Users\XXX\AppData\Local\Temp\uxriqpow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                             84E60579 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                      84E84F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                    section is writeable [0x94008000, 0x2D5378, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                      section is writeable [0x9AF5E000, 0xBB22, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                      section is writeable [0x9AF72300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[368] USER32.dll!DialogBoxParamW                                               768C564A 5 Bytes  JMP 74CB44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\wininit.exe[460] USER32.dll!DialogBoxParamW                                                                             768C564A 5 Bytes  JMP 74CB44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\services.exe[520] USER32.dll!DialogBoxParamW                                                                            768C564A 5 Bytes  JMP 74CB44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\lsass.exe[548] USER32.dll!DialogBoxParamW                                                                               768C564A 5 Bytes  JMP 74CB44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\winlogon.exe[608] USER32.dll!DialogBoxParamW                                                                            768C564A 5 Bytes  JMP 74CB44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  ...                                                                                                                                         

---- User IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteFile]                                           [74CB97E0] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryInformationFile]                                 [74CB8F00] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtSetInformationFile]                                   [74CB9830] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteKey]                                            [74CBD810] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtOpenKey]                                              [74CBD6D0] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtEnumerateKey]                                         [74CBD4A0] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteValueKey]                                       [74CBD860] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtSetValueKey]                                          [74CBD5F0] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryValueKey]                                        [74CBD580] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtCreateKey]                                            [74CBD660] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtOpenFile]                                             [74CB9680] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryKey]                                             [74CB8EC0] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\services.exe[520] @ C:\Windows\system32\services.exe [ntdll.dll!NtClose]                                                [74CBD790] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\winlogon.exe[608] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtClose]                                                [74CBD790] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\system32\winlogon.exe[608] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW]                                        [74CB9510] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW]                                                         [74CB9510] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA]                                                         [74CB94C0] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [ntdll.dll!NtClose]                                                                 [74CBD790] c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                              [739C250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                             [739C2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                        [739A5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                       [739A56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                    [739B8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                      [739B4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                     [739B50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                    [739B51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                           [739B66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                     [739B82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                [739B8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                              [739B907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                    [739BE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1528] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                        [739B4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind    ????????? l??????e?????inf??@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4???{4d36e972-e325-11ce-bfc1-08002be10318}\0214?8}??@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4???{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?2D3??@nettun.inf,%msft%;Microsoft????@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4???{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??"{??{4d36e972-e325-11ce-bfc1-08002be10318}\0216?????{4d36e972-e325-11ce-bfc1-08002be10318}\0205?????{4d36e972-e325-11ce-bfc1-08002be10318}\0211?8}??@nettun.inf,%msft%;Microsoft?????????????????????????????????????????????????B??X???3-???????????????????????e??????????????????????????????1a??????????????? ?????????????????????.??"?????l???????-4???????????????????????????????????e??*6to4mp?????nettun.inf??12??*6to4mp?????? ?????????????????????.??????????????????????s381??? ??????????????x???? ?????????????????????.????????????????????? ?????????????????????1??L????????? ???????68????????????????dem ??? ?????????????????????1????????????&??????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route   ?????????????o??????????????????Net?1???Microsoft???????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????????Net?????????Net?????????????????????????????????????Net??????????????????????????d??????????????????????? ???????n????????????X??????t???t???????????t???????????e???????????????????????????????????????o??s?????????????????????????????????????????????????????????0??????w???????????????v???????????6??nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.1.7600.16385:*6to4mp?9??????????????????????????????????????????20??? l??????????????????????????????n???????????????t???????????????????????????????????n??????????Po??czenie lokalne* 341?ep??? ?????????????????????1??????*?0??? ?????????????????????????????????????????????????????????N??????r??????????? ???????Z?????????????1????????????&?????????????????????????????????????????.Po??czenie lokalne* 279?????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export  ????????????????6.1.7600.16385?EA-????X???????????????`???????????????:??????0?gd_??????}"??.NTx86??????gendisk?????????em??????? ??tunnel??????????8}??nettun.inf?t%\??????????????????int??h???????????u??????????????????????????????@disk.inf,%genmanufacturer%;(Standardowe stacje dysk?w)?????tunnel??????????????????????????????????????????? ???????P?????46\??Net?????text????????f????????????????????????????1???????.???????????????????2??\D????????????????????N??????0??????????????????????????????? ??????????????????Microsoft????????????B???$???????t??????????????????????????????Microsoft???usb.inf?de??????e4??tunnel??????6.1.7600.16385??????????????Karta Microsoft 6to4????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????*6to4mp??????????????n???????C??.NT?in??? ?????????????????????1????????????????????? ???????????????????{?1????????????????????????????????????????????????????*6to4mp?????? ?????????????????????1????????????????????? ?????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                                                            ????????????TO?????????????????D????????????????????????????????????????????????????????????????????????tunnel??'????????????????????????????????????????B???????????????????????????????????????????????????????e??????????? (??????t???????????????_??Net???????????????R?????????????????????????????????????????s????????????????????????????j??Net?????? ???????|???????????i?:????????????&????????????????????2???????????i?????e76??Tcpip\Parameters\Interfaces\{E329E3B9-B1FB-4C90-8FF8-15F218EAF196}??{E??? ???????|?????????????9??????4?????&????????????????????-??????????????????????????????????????????????? ???????5??????BT??? ???????9?????0A3???????????-???7???????????D?????????d79??????????????????? ??????????????????Net??????????????v????????????????????????*???????????des ??????tunnel??????????????????s????????????????????y???b??e???????????11?ata??????????????????????BS??????????????????????Microsoft???? ???h???c??????????????????????\{???????????????????????????????????????6?????e????????????????? ???????|?????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                                                           ????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????B??7B??6.1.7600.16385?_Tc??????C0????:??????-?g85??@nettun.inf,%msft%;Microsoft?_??????55???????????????????8??????????*6to4mp?\D??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????3??8B???????????m??Tc??*6to4mp?21??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????6??64???????????-??B4??????BC??? ?????????????????????1????????????&????????????????????5??????????????Urz?dzenie pami?ci masowej USB??"{??usbstor.inf?28???????????2??62??USBSTOR_BULK?F??? ?????????????????????1??L????????? ??????ft ???????????????2??? ?????????????????????.??"????????????????0BT???????????"??????F8??? ?????????????????????.?????????????????f??? ???????0?????B3D??USBSTOR\DiskHUAWEI__SD_Storage______2.31?USBSTOR\DiskHUAWEI__SD_Storage______?USBSTOR\DiskHUAWEI__?USBSTOR\HUAWEI__SD_Storage______2?HUAWEI__SD_Storage
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                                          ?????z?????????????????????????????????????????????????????t???t???t????????? ???????t?????t???????,??L?????????????????????255.0.0.0???? ???????o??????????????????????P???????????? ???????t???????????t?,????????????&???????????????????????? ???q??????????d???v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|?????????y???<???????????;??????os??t???????????????? ???????o??????????????????????P????????????0???y???;???????????????????????????'???y???<???????????????????e???????z???????????????????????????????????????y???;?????????????P?;??? ???y???;??????????????????????????????????????????????????G????????????????????????????????????!????????????????????????e????????????????????????????e????????????????????????????????????????? ???????o???????????t??????????P????????????????y??????????????????????????? ???????o???????????j?,????????P??????????????????????????t???t???
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                                                                       ??????????????????????????X??????????t??????????? ???????????????????????????????????????????????????????????????????????p??????????? ???????????????????????????B?????s-B??WUDFRd??????????????????????????????05??????????11??????????????disk?r??????????? ??????????????????? ????????????????????????????????????????????m???????????????????????N?????????????????????????? ???????????????????g?1????????>???????????????????WpdFsGroup??????????????????????????????????????Net?????????????????????????????????????????????????????tunnel?ip6???????????????j??????????????????@disk.inf,%disk_devdesc%;Stacja dysk?w??????usbcdcncm_6&35a029bf&1&0001_01???"???????????????????b??e???????????????????wpdbusenum\fs???????????????????em??????ge???????????#??????????????????gt???t??text?B???????????????????????"???????????k???????h??????????????? :?????????????????????????????????{4d36e967-e325-11ce-bfc1-08002be10318}\0010?????????????{00000000-0000-0000-0000-000000000000}????????????????????????????????????????????oft???tunnel?????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                                                                      ?????????????????8??????????*6to4mp?\D??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????3??8B???????????m??Tc??*6to4mp?21??? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????6??64???????????-??B4??????BC??? ?????????????????????1????????????&????????????????????5??????????????Urz?dzenie pami?ci masowej USB??"{??usbstor.inf?28???????????2??62??USBSTOR_BULK?F??? ?????????????????????1??L????????? ??????ft ???????????????2??? ?????????????????????.??"????????????????0BT???????????"??????F8??? ?????????????????????.?????????????????f??? ???????0?????B3D??USBSTOR\DiskHUAWEI__SD_Storage______2.31?USBSTOR\DiskHUAWEI__SD_Storage______?USBSTOR\DiskHUAWEI__?USBSTOR\HUAWEI__SD_Storage______2?HUAWEI__SD_Storage______2?USBSTOR\GenDisk?GenDisk??57??? 4?????????????s ??USBSTOR\Disk?USBSTOR\RAW??????N??????9?????D2}??{e4d5f38c-2998-11e1-888f-806e6f6e6963}?F9B???? ??????1???e??????#?????????????N??????-????D491??{4d
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                     ?????5?????_???????_?????????$??????????????????????????????????????Microsoft???? ???????a????????????????????"??????????????I??????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ???????????????????????????????????????????0?????????????????????????**??????????+%?????????????? ???????H?????????????????? ???????? ???????????????????Y???????0???????????Y????????$???????????????????????????????$???????o??????????????????em???$???????????????????????????????$???????1??????????????????#{???$???????D??????????????????? ??@nettun.inf,%msft%;Microsoft????tunnel?513??????8}???????????????????????????????1???????????????????????????!???????????????????????????????????????????????????7??????????? ???????????7??????????????????{4d36e966-e325-11ce-bfc1-08002be10318}\0000??????????????????6??9-??????????int??????????????????????????????????????????{???????????B???????????????????????7????:????????giv???????????????????????????????????????????{???????????6???????????m?????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind                                                                                 ????????? ???????0??????s3??WpdFs?????????0???????????????????????????????0?????????????text????Microsoft???????????????????x???????????text????????????????nettun.inf???e??????????????????????????ESET?????????????????????_???????????????????????????P??????????????????? ?????????????????????.??"?????N???????????????????????????Po??czenie lokalne* 354??k??? ?????????????????????.????????????????????????? ???????????k??????x_??? ?????????????????????1??L????????? ??????-40??? ?????????????????????1????????????&????????????????????1??? ?????????????????????1????????????????????? ?????????????????????1????????z???????????? ?????????????????????1????????????????????????????????????????????????????????????????????????????????? ?????????????????????1????????????????????????5:??????????????????????????????????????5:????????????????????.Po??czenie lokalne* 166?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route                                                                                ????????????????tunnel??????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??18??????18??????????@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4???Karta Microsoft 6to4 #126???@nettun.inf,%msft%;Microsoft????Karta Microsoft 6to4 #145?????N??????C????DCB5??????????????? ??int????????????????????????????????????????????? ???????int???????????????????????????????2??????3???3??????x????P????????????.Po??czenie lokalne* 405?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export                                                                               ????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????A??C-??6.1.7600.16385?A54????:??????S?g_T??@nettun.inf,%msft%;Microsoft?2???????????????????????????p??????????*6to4mp?-4??? ?????????????????????1?????????????????????????????????????0??-B???????????}??S_??? ???????Z?????????????1????????????&????????????????????S???????????-??????????Po??czenie lokalne* 167?<???? ???????Z?????????????1????????????&???????????????????????? ?????????????????????1??????*?0??? ????????????????????????????????????????????????j????????????0?????????????Po??czenie lokalne* 159?in??????????? ?????????????????????1??????*?0??? ??????F9-???????????0??????????? ??????????????????????????????????????????????????????????????d???????? ????????????????????????????$?N?t?????????? ???????1?????????????,????????$?l?<???????????????????????????????6e??? ?????????????????????,????????z?????#?????????#?????$?????? ??????????Root\*6TO4MP\0107?????z?????????????????\\?\Root#*6TO4MP#01
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind                                                                                   ?????m??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????text?????????????????e??tunnel????????>?????????????????? ??S????Z?????????????1????????????&???????????????????????? ??S??????????????????1??????*?.??? ???????????Karta Microsoft 6to4????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????6.1.7600.16385????????:????????g????@nettun.inf,%msft%;Microsoft????int?????Typ??????????????e??????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????????? ??????????????????*6to4mp?????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????????$???????????????????? ?????????????????????1????????????&???????????????????????????????text????? ?????????????????????1??????*?0??? ???????????? ?????????????????????1????????????&????????????????????P??Po??czenie lokalne* 141?5??????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route                                                                                  ????????????? ?????????????????????.??????????????????????s?????? ?????????????????????1??L????????? ????????????????????????????????????l??0???? ?????????????????????1????????????????????????????? ?????????????????????.??"?????N? ??????????????????v????????m?????????????????????????????)???Karta Microsoft 6to4 #123???????????????? ?????????????????????1????????????&???????????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????4??}?????z??????a??a ??????????? ?????????????????????1??????????????????????????????????????????????????????C7-A563-299A????????????????0??????4??????????????????????????? ?????????????????????1????????????&???????????????????????????????Po??czenie lokalne* 461?????????????? ?????????????????????1????????????&????????????????????2??????? ?????????????????????1??????*?0??? ???????????????????????????????????Po??czenie lokalne* 462
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export                                                                                 ????????????????????????????s???????????????????????ud???????????K?????????tso???????????????????????????????????????????_???????????????????????????????????p???????????????????????????????????????e???????????????????????????????j???????????????????????????????????????k???i???????????????????????????????p???????'???s????????????????????????????????????????????????????X??????p???t??nettun.inf? 6t????:????????g?????????????????????????????????e???e????2??????1???????????????j????????????????????????????.Po??czenie lokalne* 275?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind                                                                                     ????????????????????????????????????????????????6-21-2006???????STORAGE\Volume\_??_USBSTOR#Disk&Ven_HUAWEI&Prod_SD_Storage&Rev_2.31#7&1b0def16&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}?????? ?????????????????????1????????????????????WUDFCoInstaller.dll?????????????? ??????????????? ?????????????????????,??????????????#Mas????J??????S???????e??Microsoft???? ???????T?????????????,??????????3?&????????????????????????????????????????????????\???????s????$??????}???????6??Root\*6TO4MP\0170???????????????????a ??tunnel?0-4??? ???????0?????????????,????????J???O????????????????????????????????????????}???????????:??????om??Microsoft?????$??????5???????A??Root\*6TO4MP\0169???*6to4mp???????????????$?????????????????Root\*6TO4MP\0171?????????????????????????$??????{???????s??????????usbcdcncm\Vid_12D1&Subclass_02&Prot_16&ext_ctrl?usbcdcncm\Vid_12d1&Pid_1506&MI_01&ext_ctrl??XX??????????????????????????????????????????????USB\UNKNOWN?????Root\*6TO4MP\0172????????????4??????D-????$?????????????????Root\*6TO4MP\0173???Net
Reg    HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route                                                                                    ????????text????? ????????????????????????????"?????????????C-???????????6????????m244???????????R??????????? ?????????????????????1????????????&????????????????????E??tunnel??BA???????????R??????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7C7BBDEC-180D-4983-A67B-2962A724456B}] SEQPACKET 155???????????? ?$???????????????????1??????*?0??? ???????????????? ?????????????????????1??????*?0??? ???????????? ?????????????????????1??????*?0??? ???????????????? ?????????????????????1????????????????????????????????????nettun.inf?ese??? ??????????????????6to4mp.ndi??????? ??????????????????6-21-2006???? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????p??????6to4mp.ndi??es???????????m??????????Microsoft???????? ?????????????????????1??L????????? ???????????? ?????????????????????1????????????&????????????????????d??????????? ?????????????????????1?????????????????????????????????????????????C??59??????????? ??????????????????????????????????????????tunnel????????0????
Reg    HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export                                                                                   ????el???????????????????????????????????????????????????????????????????????????????????????????F???????????????????????????????????????????????????????????7???????????????????7??????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????????d???????????????????????????????????????????????????????????????????????????????.???????????????????n???????????????????7???????????????????????????????????????5?????????????????????????????????????????????????????????????????????????? ????????????????????????n???????????????????P???????????????????????????????????????d???????????????????n???????????????????n???????????????????????????????????????$??????????????????????????????*6to4mp?????? l??????C?????-B0??*6to4mp??B????????????L???????????????????????????????????`??B??????\c??????\c??*6to4mp???????? ?29=??????????????????????????????????????????????????????????????????????????????????????????????????2??????????e??????$???4????? ??????? ????????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind                                                                                  ????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0191?98??input.inf????????????????????????9????N??????e???????e??????????? ?????????????????????.????????X???????????? ?????????????????????.????????X?????????????????????????????0Po??czenie lokalne* 1065????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route                                                                                 ????????????????????????16???????????????????6???0??? ?????????????????????.??"?????l???????98??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?j?j??@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4?????????????????????????????????????m??????????????f??????????49??disk.inf????? ?????????????????????.??????????????????????s?????? ???????9??????x???? ?????????????????????.????????????????????? ?????????????????????1??L????????? ???????64??????????????????????? ?????????????????????1????????????&????????????????????4??? ?????????????????????1??????????????????????z??????6??1-??????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ??????????????????(?(???(?(?(???????(?(?(?(???(???(?????(?(???????@?@**?????(?(??+%?????(???@???? ??(????H????????(?(?(?(??? ???????? ????(???(?(???(?(??Y????@???????(?????(Y??@????@nettun.inf,%msft%;Microsoft?i??Karta Microsoft 6to4 #193?????X?????????????Microsoft???????4m??????11???????????e??????4???????????*6to4mp?????????????????????{00
Reg    HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export                                                                                ????FF????N??????c??????????Net??????????????$???????e????????????????????????????????????????????????????????????????????????????N???????????D??????????????????????e??Net???????2??????s???e??? ??????????????????int?????????????????????????????????*6to4mp?????????ow????????????????????????????.Po??czenie lokalne* 662?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg    HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind        ???????????@????????????input.inf????????????????????&??????????USB?N?????(??@???????????????-?@????????? ???????5??????????????????????????????serialui.dll????? P??|???B?????08D??????????????????????input.inf????????????????????????????????????????????@???????????????????A???????e??PCIIDE\IDEChannel\4&31187e8f&0&0????????USB??????????@???????????4??????????? ???????\?~?Z?????????????p???????????????????? ???????????????????????????????????PCIIDE\IDEChannel\4&5cb7943&0&0??????????^???}???e????*??|???F????d?\D??????????????????? ??#???????????????????????????????????s???????????????????????????????? ????????????????????H??@??????????PCI\VEN_1002&DEV_95C4&SUBSYS_FF501179&REV_00\4&3cb988f&0&0010?????B?????????????????????????? ??????Keyboard????????????input.inf???.NT?????????input.inf?????B?????????????????????????????????hdc?C:??????????????????????????????????????????????SCSIAdapter???????T??@???????????????????@???????h??????? ??????????????????????????????????????????? ??? ?????????????????????????????????
Reg    HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route       ??????????T???????????c??????????????????????5???????????????5??7-13-2009???scecli????????????????????????6??????5?????????5?5???????????????1???????????5???????????5??ks.inf?wdmaudio.inf?hdaudio.inf??????{?|????????????? ???????5????????????????????????????"??@??????????????????????????????????????????*NTKERN?????????????????????????F???Microsoft???COM4????DOT4_????????????5???????????5????&??@????????c?????*6to4mp?????????????????? P??????C?????UNN?????z?u???? ???????????c??????????&??? ???????5???????5??msv1_0??????.NT??????????????5???????????s???@?@?U??????????MEDIA???? ??????????????n????????????????????????o???&???????????t???/???h??????????????????????????????????????E=???????????????????????????????e???????????????????????????????e???????t???????????????????????h???????????????h??????????????????.NT??????????f???????p???????????????h????V???????????c?????disk.inf?????????????????h??@%SystemRoot%\System32\StorProp.dll,-17000??????disk.inf????? ???????@???????????????????? ?????????????disk.inf????? ?
Reg    HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export      ???@????????????input.inf????????????????????&??????????USB?N?????(??@???????????????-?@????????? ???????5??????????????????????????????serialui.dll????? P??|???B?????08D??????????????????????input.inf????????????????????????????????????????????@???????????????????A???????e??PCIIDE\IDEChannel\4&31187e8f&0&0????????USB??????????@???????????4??????????? ???????\?~?Z?????????????p???????????????????? ???????????????????????????????????PCIIDE\IDEChannel\4&5cb7943&0&0??????????^???}???e????*??|???F????d?\D??????????????????? ??#???????????????????????????????????s???????????????????????????????? ????????????????????H??@??????????PCI\VEN_1002&DEV_95C4&SUBSYS_FF501179&REV_00\4&3cb988f&0&0010?????B?????????????????????????? ??????Keyboard????????????input.inf???.NT?????????input.inf?????B?????????????????????????????????hdc?C:??????????????????????????????????????????????SCSIAdapter???????T??@???????????????????@???????h??????? ??????????????????????????????????????????? ??? ?????????????????????????????????????????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                                                                ?????p????X??????b???t???????????????d???????j????????????????????????????H????????????????????????? ??????g??????N??t?????????n????????RV??????????????t????v?v?????v?v?v???????????????????????????/???????????????5 ?????????s????????j??USB??????????z????????????????????`??p?????????n????????????4&d8b462b&0??7??????????????t???????????????t????????????????????????i???????????j?o????USB?l0??????????????????p????|?|?}??????????????????????????????t????????l???}?}t???????t???2-27-2012????????o??????????\SystemRoot\system32\DRIVERS\lsi_fc.sys??3???????j??????p???SCSI Miniport?????P??j???????????d??lsi_fc.inf_x86_neutral_a7088f3644ca646a??????j?j?j?j?j?j????????????????t?????????????????????????????????????????R??j????????h?????\SystemRoot\system32\DRIVERS\lsi_sas.sys?3???????j??????p???SCSI Miniport?????R??j???????????d??lsi_sas.inf_x86_neutral_a4d6780f72cbd5b4?????j?j?j?j?j?j?j??????"??????g????????????????t?????????????????????????????????????????T??j????????h?????\SystemRoot\system32\DRIVERS\lsi_sas2.sys??????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                                                               ????????@disk.inf,%disk_devdesc%;Stacja dysk?w??????? ???????f??????sf??sffp_sd?????????t ???g?g?????????e???????e??volsnap??????j?j?j????h??g ??0????????r??9???????g???l??)????g?gt ??????????????????????volsnap?????UMB\UMBUS??????????????????????????????????????s?????i?i?g??Volume??????udfs?5??? ???????g???????????g?.??????$???????????????s?????????????????????????? ??? ???????g???????????g?.??????"?h???????????? 4??g???????????????g??? ???????f?????g???????.?????????????????1??? ???????g?????g???????.??"?????????????????ti???????U???????e???????g??? ???????g?????g???????.??"?????z???????????????{4d36e97d-e325-11ce-bfc1-08002be10318}??????????????????????????ms_ndiswanip????DiskDrive????g?g?????g?????g????h????????????????????????????????????????????????????0??????????????????????????????????????????? ???????g???????????g??? ???????g?????g???????1??L????????? ??????????????g???g???g??achi??? ???????g?????g???????1????????????&????????????????????O??? ???????g?????g???????1????????????????????? ???????g?????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                                              ?????????????p??????????????? ???????o?????p??????????????$???0?????????@%SystemRoot%\system32\wevtsvc.dll,-201?????? 4??p??????????????NT AUTHORITY\LocalService???????????????????????????????????????????? ???????????????????????????p????`??p??????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege????????>???????????h??????????????????????????p?p?p???? ??g??????p??????????o?????p???????????????????p??????p????v?v?????????????\??????\L???????????????????????????p???????p???????????p?p?p?p?p?p?p???????:???????????.?.?.???????????????p??????????6-21-2006????????p??? ???????o??????????????????????R?H?????????Video Save????????X??????????4???p?p?p???????s??*6to4mp??5???????????????????????p??????de??????????????????s???RpcSs?????????????????*????????????e????????????????????????????????? ??????t????u?up???system32\DRIVERS\AgileVpn.sys???system32\drivers\rdpencdd.sys???????????????t????????g???W???e???? ??????????e???????????????????????p??????????????tunnel?C76???????p????????????????????????????????b??q?
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                                                           ?????j??????????????????LegacyDriver?E???????????4?????????j????? ???????i?????j???????1????????????????????? ???????j???????????j?1????????????????????????????????????storprop.dll,AtaPropPageProvider???????j????? ???????i?????j???????1????????????????????? ?i???i???j?? j???j???j???j???j???j???j????????? ???????j???????????j?1????????B????????????j?jpr????:??j???????????????????????????i?????j????? ???????i?????j???????1????????????????????? ???????j???????????j?1????????:????????????????????????????j?j????internal_ide_channel??????B??j??????????storprop.dll,HdcCoInstaller??????j?jle???????????3?????????????????????????j????? ???????i?????j???????1????????????????????? ???????j???????????j?1????????????????????????????????????????????????????? ?????????j?????????????????????????  ??l???k?????m?k???????f???u?????????n????????????G:\?????????????STORAGE\Volume???????????j??? B??j??????????????DETECTEDInternal\ACPI_HAL?DETECTED\ACPI_HAL????????????????????????????s????????????????s???????$????t?????????????????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                                                                          ?????????????????0???????????????j????????????\??j?????????e?????????j??????p???FSFilter Virtualization?????????????????ms??@%systemroot%\system32\drivers\luafv.sys,-100?????6??j????????h???????????????\??j?????????e?????????????????????????????j????????????????????????????????8??j????????h???????<??j????????????????8??j????????h???????b??j?????????e??????????????????????(??j?????????e??????,??j?????????e????????????????t???system32\DRIVERS\mouclass.sys?ouclass.sys???System Bus Extender??????u?|?0????????????????????<??j????????h??????????i???????????????????????????????j??????????system32\DRIVERS\mouhid.sys?\mouhid.sys???????b??j?????????n????system32\DRIVERS\mrxsmb.sys??????????????????????????????j??????p???@%SystemRoot%\system32\drivers\mountmgr.sys,-100??????(??j??????p???????????????t????????????|?|?|??System32\drivers\mountmgr.sys??????????????????????????????g????@%SystemRoot%\system32\drivers\mountmgr.sys,-101????????????????????System32\drivers\mpsdrv.sys???????P??j?????????e????????????????t???Net
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                                         ?????t??????????{00000000-0000-0000-0000-000000000000}??????? j??n??????????????Port_#0004.Hub_#0006????????????????????????? &??j???????????7??? ???j???b?????;1w??rastapi??????i??????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=PeerDistSvc|Name=@peerdistsh.dll,-10002|Desc=@peerdistsh.dll,-11002|EmbedCtxt=@peerdistsh.dll,-9001|????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=PeerDistSvc|Name=@peerdistsh.dll,-10003|Desc=@peerdistsh.dll,-11003|EmbedCtxt=@peerdistsh.dll,-9001|???v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=SYSTEM|Name=@peerdistsh.dll,-10004|Desc=@peerdistsh.dll,-11004|EmbedCtxt=@peerdistsh.dll,-9002|??????+???i?????????????????????????t????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|LPort=443|App=SYSTEM|Name=@peerdistsh.dll,-10005|Desc=@peerdistsh.dll,-11005|EmbedCtxt=@peerdistsh.d
Reg    HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind                                                                                     ???j????WPD?????? Z??j??????????????? ????????????????????N??j????????D?????DETECTEDInternal\blbdrive?DETECTED\blbdrive????????????????4?????????? ?????????????????{72631e54-78a4-11d0-bcf7-00aa00b7b32a}\0001??t???????????4???????e??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?5D-??COMPOSITE_BATTERY????7??Volume???????j???????????????????j???????????????j???-??e5???????????????????0???????????????j????????????\??j?????????e?????????j??????p???FSFilter Virtualization?????????????????ms??@%systemroot%\system32\drivers\luafv.sys,-100?????6??j????????h???????????????\??j?????????e?????????????????????????????j????????????????????????????????8??j????????h???????<??j????????????????8??j????????h???????b??j?????????e??????????????????????(??j?????????e??????,??j?????????e????????????????t???system32\DRIVERS\mouclass.sys?ouclass.sys???System Bus Extender??????u?|?0????????????????????<??j????????h??????????i???????????????????????????????j??????????system32\DRIVERS\mouhid.sys?\mouhid.sys???????b??j?????????n????system32\DR
Reg    HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route                                                                                    ??????????????????????????????????????????????????????$????????????e????????????????????????????????????????????????????????????Net?AA??Net??6????^????????????n????????????????????????????????? ??????????????? ???????0??????????tunnel?06????????????????d??text?????????|???????????????????????????????|??Net?????C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe?vic????"?????????????????PLAY ONLINE. OUC????? ???????u???????t??LocalSystem?????????????????????????????????Net???????N??????z???????z????h?????H???@???????@???????H???????????????????????????????? ???????v?????t???????:????????N?????4?????{322048F4-E741-4354-AAEB-FD4019169AE1}???????????????????????????????????e??? ???????????????????j?:????????h?????????????h?????H???@???????@???????H???????????????????????????????????????t????????????????????????????????????????????????????????????d??????????\\?\Root#*6TO4MP#0158#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{8BC3EF97-979F-43BC-A5F9-947FD98E4C9A}?48????$??????}???????9??Root\*6TO4MP\0174????????t??????????USB
Reg    HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export                                                                                   ?????????????s??????????? ???????? ????????????1????????????&???????????????????????????????????????????? ?????????????????????1????????????????????????????? ?????????????????????1?????????????????????????????e???e????2?????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????generic_hid_device?f?f??????ow??????? ?????????????????????1????????????????????????????????????????? ?????????????????????1????????2???????????Urz?dzenie wej?ciowe USB????????????????????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????????????????????????????? ?????????????????????1????????????????????????????????????????????????????? ?????????????????????1????????????????????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1??????????????????????&??????f???f??????????????????????????? ?????????????????????1????????????????????? ?????????????????????
Reg    HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind                                                                                       ???j?i??????????DiskDrive????????????????????????????????????4?????j????WPD?????? Z??j??????????????? ????????????????????N??j????????D?????DETECTEDInternal\blbdrive?DETECTED\blbdrive????????????????4?????????? ?????????????????{72631e54-78a4-11d0-bcf7-00aa00b7b32a}\0001??t???????????4???????e??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?5D-??COMPOSITE_BATTERY????7??Volume???????j???????????????????j???????????????j???-??e5???????????????????0???????????????j????????????\??j?????????e?????????j??????p???FSFilter Virtualization?????????????????ms??@%systemroot%\system32\drivers\luafv.sys,-100?????6??j????????h???????????????\??j?????????e?????????????????????????????j????????????????????????????????8??j????????h???????<??j????????????????8??j????????h???????b??j?????????e??????????????????????(??j?????????e??????,??j?????????e????????????????t???system32\DRIVERS\mouclass.sys?ouclass.sys???System Bus Extender??????u?|?0????????????????????<??j????????h??????????i???????????????????????????????j??????????system32\DR
Reg    HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route                                                                                      ?????????j?j????????? ???????T?????" "??Wolumin uniwersalny?????volume.inf?p?p??????????????????????????????????????????T????? ??????????e??disk?4??? ???????????????????????????t????????m??e???????????????????????????????A?????e4-???????????????????????????????n??????????tunnel??????? P?????????????????*6to4mp??????????????A???e????z??????T????????????????????????????????:????????g????????????? ???????}???????????k????????"???C?????????????tunnel?530????N???????????D??????????????j?j?????j??? ????????????????????$?????? ??????????disk.inf????????#???????tunnel???????????:???????????????e????????????X?????????????????{6???????????8?????e86??????????????????????????????????????????? ??????????????????? ???????5??????????6.1.7600.16385??????????cdrom_install?????????????????????????????????????????????B??????a??????????? ??????????????????????????????????????????????????????????usb\class_08&subclass_06&prot_50????? >?????????????????Urz?dzenie pami?ci masowej USB????????N?????????????????????1???????????????? ?
Reg    HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export                                                                                     ?????s??????????? ???????? ????????????1????????????&???????????????????????????????????????????? ?????????????????????1????????????????????????????? ?????????????????????1?????????????????????????????e???e????2?????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????generic_hid_device?f?f??????ow??????? ?????????????????????1????????????????????????????????????????? ?????????????????????1????????2???????????Urz?dzenie wej?ciowe USB????????????????????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????????????????????????????? ?????????????????????1????????????????????????????????????????????????????? ?????????????????????1????????????????????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1??????????????????????&??????f???f??????????????????????????? ?????????????????????1????????????????????? ?????????????????????1???????
Reg    HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind                                                                                         ???j?t???k???????????????????????????????f?g?k?j????sE???f?j?k?k????????? ???Z???????????????????????????4????N??l??????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}???4???????~???D??sE??Printer??e??Volume???????????l???????y?????????????????s?????????g??????????????????????????????5???Microsoft????k???????????????  ??k??????????cp???????????????????????????e???.???e??????????????????????? ???n???/?????/?/??????????????t???????????????????????????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?i.i????N????????????4????? ???e??????????????disk????????????????????UMB??????????????2?????s?2???l?l???????????????????????????????????????????????s?????????????????k???????????????p???????????D???E???????????????????????????????????????D?????s\a??pk?k?k?k????s????????k??????s???????????????" ???????k???.??s????????o??@volume.inf,%msft%;Microsoft??????N??k???5?????D??????N??k????????D???????N??k???????????????????`???????e??.NT??????????????s?s?????????????????????????????$??????????STORAGE\Volume?????????????????
Reg    HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route                                                                                        ???k?y???h?hme???????????v???????????????e????N??h???8?????D68??? ????????????????????X??k??????????usbhub?5??????N??h?????????D?????????????7???????????????i??????????????????????????{00000000-0000-0000-ffff-ffffffffffff}???????????????o?????????n32??? ???????????????????h??????????????? ???????h?????h???????1?????????????????????????????;???<???h??? ???????h???????????h?1????????j?????????????????????????????j??h??????????Kontroler zgodny ze standardem High Definition Audio???????h????? ???????h?????h???????1????????????????????? ???????h???????????h?1?????????????????????????????;???;???????h???<??E???hdaudbus.inf?<???h?h_m?????h????? ???????h?????h???????1?????????????????????????h??????????Microsoft???????? ???????h???????????h?1?????????????????????????h???<???<??HDAudio_Device???????h?h???????h????? ???????h?????h???????1????????????????????? ???????h???????????h?1?????????????????????????????;???<???????h???<???<??.NT??????h?h?h?????h????? ???????h?????h???????1????????????????????? ???????h?????????
Reg    HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export                                                                                       ???q????????? ???????p???????????p?2????????????????????????????0??????????????????????????? ??????????? ??????????????????????????????????????????????????? ????(??????P???????????????????????????????????????? ???????p?????p???????2???????????????????o???????q???q???q????????? ???????q???????????q?2??????????????0??????????????????????????????????????????q???????????????q??????0???5355?UDP?????q?q?q?q?q????????????????0?????? ???????o?????q?????q????????$???X??????c????R??q?????????e????@%systemroot%\system32\dot3svc.dll,-1102?????????p??????p????q?q?q???????q????????h?????%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted?????R??q?????????n????@%systemroot%\system32\dot3svc.dll,-1103???????q?????q??? ???q??????????????localSystem?????????????????????????Dot3SvcMain?????????????????t??????? ?????????????,??q????????????????.??q???????????e??RpcSs?Ndisuio?Eaphost???????????????????????????? D??q???????????????q???????q??????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivi
Reg    HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind                                                                                      ???k?????????????4??????????LegacyDriver?2???k???????????4?????????????????????????s?????????k??????s????????????k?k?k??????t???????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?rag???f?f?k?k?k???k????X??n????????????8??o????????h??????k???k??LegacyDriver?????????????,???????/???????????????????????????\????????????4??k?????g????????????? ??????????????????t???????m????k?k?????k??????????USB??W???k?k?k?k??????????N???????????D?????? ???i???????????????????????k??WPD??d?????????????????s?????????????????????????????????????$????????(??k???????????k?k?k???k???????????????????????k?k?k???k???k???????????k???????k??????s??????k?&???????????????????p???s?????????????????????????????????????????????????????????????????????? ??????????s????Volume??? ??sffp_sd??}???????????/?????s?4???????l??????????????????????????????t????????s???????????????????k??????????? ???????k?????k?????k?.??????????3? ???????????????????????????????? ???????k?????????????.????????N????????????????a???????????????j???????????k?????????
Reg    HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route                                                                                     ???h?k?????m????? ???????m?????m???????.??L?????????&???????????????????????? ???????m?????m?????m?.????????????&???????????????????????SW\{ddf4358e-bb2c-11d0-a42f-00a0c9223196}???????{00000000-0000-0000-ffff-ffffffffffff}??????@ksfilter.inf,%msft%;Microsoft???????????e???????????????o??????????????? ???????f?????????????.?????????????????E??? ???????m?????????????.????????????????????????????????????{4d36e96c-e325-11ce-bfc1-08002be10318}??????{4d36e96c-e325-11ce-bfc1-08002be10318}\0002?????@ksfilter.inf,%mspqm.devicedesc%;Serwer proxy mened?era jako?ci Microsoft Streaming??????m?l?m?m?m?m?m?m?m?m?m???????????1?????s?????????????????????????????????????????m?????????????????????????????????s????? ???n???1??????s??????????????????????????????????????????????????????????????????m????? ???????m?????????????.?????????????????f???m?m????? ???????m?????n???????1??L????????? ??????????????m???m????? ???????m?????m???????1????????????&???????????????????????? ???????m?????m???????1????????????????????????????? ?????
Reg    HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export                                                                                    ???j?t???????t??????????????????????????*pnp0c32????@usbstor.inf,%genericbulkonly.devicedesc%;Urz?dzenie pami?ci masowej USB????????????????????????? l??n??????????????USB\VID_0951&PID_1607&REV_0200?USB\VID_0951&PID_1607?????????????????:???:??? ???????n?????????????.??0???????????????????7?????Sterownik procesora AMD K8???????????v????*??n?????????????n????Port_#0001.Hub_#0006???????????n????? ???????n???????????n?.??????0??????????????????????????????????????????5???????????e???????????????n?n?????n?n????? ???????n?????????????.?????????????????f??Imaging?????? ???????n?????o???????1??L????????? ??????1-2?????n???n???n??@?????? ???????n?????n???????1???????????????????????n?????????n?????????????????n????? ???????n?????n???????1????????????????????? ???????n???????????n?1?????????????????????????n??????????usb\root_hub20???????????n???????????n?n???????n????? ???????n?????n???????1????????????????????? ?n???n???n???n???n???n???n???n???n???n????????? ???????n???????????n?1???????????????????????????????????
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Deskjet F4100 series@ChangeID                                           3150362

---- EOF - GMER 2.1 ----