GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-31 09:47:53
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST964032 rev.0001 596,17GB
Running: tmj56y5t.exe; Driver: C:\Users\user\AppData\Local\Temp\kftcaaob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000074c41465 2 bytes [C4, 74]
.text  C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           0000000074c414bb 2 bytes [C4, 74]
.text  ...                                                                                                                                         * 2
.text  C:\Windows\AsScrPro.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       0000000074c41465 2 bytes [C4, 74]
.text  C:\Windows\AsScrPro.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      0000000074c414bb 2 bytes [C4, 74]
.text  ...                                                                                                                                         * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000074c41465 2 bytes [C4, 74]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   0000000074c414bb 2 bytes [C4, 74]
.text  ...                                                                                                                                         * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000076f6f941 7 bytes {MOV EDX, 0x693228; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000076f6fb85 7 bytes {MOV EDX, 0x693268; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000076f6fbb5 7 bytes {MOV EDX, 0x6931a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000076f6fbcd 7 bytes {MOV EDX, 0x693128; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000076f6fbe5 7 bytes {MOV EDX, 0x693328; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000076f6fc15 7 bytes {MOV EDX, 0x693368; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000076f6fc95 7 bytes {MOV EDX, 0x6932e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000076f6fcad 7 bytes {MOV EDX, 0x6932a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000076f6fcf9 7 bytes {MOV EDX, 0x693068; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000076f6fdf1 7 bytes {MOV EDX, 0x6930a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000076f70049 7 bytes {MOV EDX, 0x693028; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000076f71055 7 bytes {MOV EDX, 0x6931e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000076f710cd 7 bytes {MOV EDX, 0x693168; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000076f712d1 7 bytes {MOV EDX, 0x6930e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000074c41465 2 bytes [C4, 74]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000074c414bb 2 bytes [C4, 74]
.text  ...                                                                                                                                         * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000076f6f941 7 bytes {MOV EDX, 0x203228; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000076f6fb85 7 bytes {MOV EDX, 0x203268; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000076f6fbb5 7 bytes {MOV EDX, 0x2031a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000076f6fbcd 7 bytes {MOV EDX, 0x203128; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000076f6fbe5 7 bytes {MOV EDX, 0x203328; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000076f6fc15 7 bytes {MOV EDX, 0x203368; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000076f6fc95 7 bytes {MOV EDX, 0x2032e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000076f6fcad 7 bytes {MOV EDX, 0x2032a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000076f6fcf9 7 bytes {MOV EDX, 0x203068; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000076f6fdf1 7 bytes {MOV EDX, 0x2030a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000076f70049 7 bytes {MOV EDX, 0x203028; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000076f71055 7 bytes {MOV EDX, 0x2031e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000076f710cd 7 bytes {MOV EDX, 0x203168; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000076f712d1 7 bytes {MOV EDX, 0x2030e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000074c41465 2 bytes [C4, 74]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000074c414bb 2 bytes [C4, 74]
.text  ...                                                                                                                                         * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                  0000000076f6f941 7 bytes {MOV EDX, 0x9bbe28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                       0000000076f6fb85 7 bytes {MOV EDX, 0x9bbe68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                           0000000076f6fbb5 7 bytes {MOV EDX, 0x9bbda8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                    0000000076f6fbcd 7 bytes {MOV EDX, 0x9bbd28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                      0000000076f6fbe5 7 bytes {MOV EDX, 0x9bbf28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                    0000000076f6fc15 7 bytes {MOV EDX, 0x9bbf68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                     0000000076f6fc95 7 bytes {MOV EDX, 0x9bbee8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                    0000000076f6fcad 7 bytes {MOV EDX, 0x9bbea8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                              0000000076f6fcf9 7 bytes {MOV EDX, 0x9bbc68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                   0000000076f6fdf1 7 bytes {MOV EDX, 0x9bbca8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                            0000000076f70049 7 bytes {MOV EDX, 0x9bbc28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                      0000000076f71055 7 bytes {MOV EDX, 0x9bbde8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                            0000000076f710cd 7 bytes {MOV EDX, 0x9bbd68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5               0000000076f712d1 7 bytes {MOV EDX, 0x9bbce8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000074c41465 2 bytes [C4, 74]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000074c414bb 2 bytes [C4, 74]
.text  ...                                                                                                                                         * 2
.text  C:\Users\user\Downloads\OTL.exe[456] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                                0000000074c41465 2 bytes [C4, 74]
.text  C:\Users\user\Downloads\OTL.exe[456] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                               0000000074c414bb 2 bytes [C4, 74]
.text  ...                                                                                                                                         * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind    ????oo??????????????t?????????????????????????????????????????N??n????????h??????n??\SystemRoot\system32\DRIVERS\HpSAMD.sys?iv??SCSI Miniport?????T??n???????????d??hpsamd.inf_amd64_neutral_f4d0397ad0d9b1cc???Net?????Keyboard Port????????????s??????????tunnel?4F-???????????????u???o?r?????????????????????s???n??????????????\SystemRoot\system32\DRIVERS\iirsp.sys???3???????n??????p???SCSI Miniport?????R??n???????????d??iirsp.inf_amd64_neutral_25c14d33af7f54f1?????n?n?n?n?n?n?n??Tcpip?????????(??n??????p???System Bus Extender???????R??n???????????d??mshdc.inf_amd64_neutral_a69a58a4286f0b22?????n?n?n?n?n?n?s???????????????n???????/??????????????????????????????????*6to4mp??}????????+??.??????????????system32\DRIVERS\AgileVpn.sys???*6to4mp??u??????????????????????????????????????????? ???????.??LegacyDriver??????<??n????????h??????????q??? D??o???????????????????????u??????????????????t?????\??????2?????e-9????????????6??o????????h???????????????????????*??t?????????e?????????????B???????????????????????B?????????
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route   ?????????t??? ??????????????????????????????????????{D??{4d36e972-e325-11ce-bfc1-08002be10318}\0044?76???????????s????c-B5???????????1??????? ???????U????????????????N?????$???<???????????????????????????????31????$??????4??????????? ??????????????????????????????????'????????????????????}??? ???????t??????IS??????????????????? ???????4?????-76???????????b?????efc??Adres sieciowy?b_T???????????????t??? ??????????????????????????????????????06??????\\?\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTI&PROD_FLASH_READER&REV_1.00#058F0O1111B1&0##{6bdd1fc6-810f-11d0-bec7-08002be2092f}??.???????????????????????????????????? ????????????????????????????????????#?????WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTI&PROD_FLASH_READER&REV_1.00#058F0O1111B1&0#?????????????????????#???\\?\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTI&PROD_FLASH_READER&REV_1.00#058F0O1111B1&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}??????????? ?????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export  ?????u????H??u???????????????)??H?????????????????????????????????????????X??????y????????X??????????t???u??6-21-2006????? ??d???9???????u???~?~?~???????????s??NF???u??????????????????????????????????????????????.i???u?????u?????????????u??????????H????????????????????????????????????~??Net?????Net??s??? ???????u?????u?????u????????*????? ???????????????????????????????si??? ???????u?????r??????????L?????????????????? ???????u?????u??????????V?????????&???????????????????????? ???????u??????????????????????????+?????????????????????????????&??u???=????????X???????????????????????`?????????????????????? ???????|???????????g?:??????????8?&????????????????????U??*6to4mp??u??????????????????????????????tunnel???????????u????V??u???????????d??? ???????|???????????m?:????????????&??????????????????????????????????????e????? ???????|???????????o?:????????????&????????????????????????u????X??????u???t??????19???????????M?????eft??????????? ???????u?????r??????????L?????????????????????????????????? ???s??????????d??
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                                                            ????????????????4&300d6352&0?????????????????8??????s???Typ?????? ???????t?????s?????t????????*????? ???????????????????????????????? ???????{?????????????9??????4?????&????????????????????????5???t??? ???????n?????t?????t????????$?????????????? 4??t??????????????NT Authority\LocalService???????????????????????????????????t??????? ?????????????,??t???????????????????t???????????e??????????????????????? B??t???????????????t???????t??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege???????????????????????????????i?s?t?t?t?t?t?t?t?t?t?t????%SystemRoot%\system32\mpssvc.dll????Tcpip???????@%SystemRoot%\system32\FirewallAPI.dll,-23090???NetworkProvider???????v??t????????h?????%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork????????\??t?????????n????@%SystemRoot%\system32\FirewallAPI.dll,-23091???????? ???????t?????t?????i????????,?B??? ????????????????????????????????????????????????????????t?t?t?
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                                                           ??????????????????????~??????A??????*6to4mp??2???????????7?????s4E??? ???{???A?????eA-???????????????????????w??Karta Microsoft 6to4 #19??????2??????C??????56???????????????????????????????????????????????????i??\T??@nettun.inf,%msft%;Microsoft?8???????????????????????????????????????????????$???????????????????????????????$??????????????????????????????@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4???{4d36e972-e325-11ce-bfc1-08002be10318}???i????N???????????D?????*6to4mp???????????????????????????????????.??????6??4?????????????N??????c??????????? ????????????????????????"?????l???????e9??Net??????????????C??????????? ?????????????????????0????????????&????????????????????m??? ?????????????????????0????????????????????? ???????????????????B?0????????????????????? ?????????????????????0????????????????????? ???????????????????T?0????????????????????? ?????????????????????0????????????????????6.1.7600.16385??????? ???????????????????T?0????????*???????????nettun.inf??????????????????????????????? ?????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                                          ?????u???????????????????????h?i?i?i????sC???????e???n???e????N??i???0????D000???????i???b??sC??WUDFRd?d?d??PEAUTH?11D??{8ECC055D-047F-11D1-A537-0000F8753ED1}??&????????????E??t-???????????o???????????????i?????????????????????????s?????i???????????????n??Typ?????????????????????????????????????????????Microsoft???Network?????11???????i???????#??volsnap??????i???p?p?p??LegacyDriver??????????????????????????N??j???t????D??0??Extended base????g?g?i?i?i?i?i???????&????*??i??? ?????????n?????????s????4??j????????h??????????{??Microsoft????i???????????????????????????i????:????????g?????i???????????????????????  ?????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}???????T?f?i?i?i?i?h???????i???????????i???????????j?j?1???????????????i???C??????{8ECC055D-047F-11D1-A537-0000F8753ED1}?-A5???????????????1???????j???t?t?t??????????????????LegacyDriver????WimFltr??????j?j?j????????????N??i????????D?N???ms_ndiswanbh?????????????i???????z???????i???i?j?1???????2??? 0??i???3??????????RPCSS??????????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                                                                       ?????u??LegacyDriver??????N??j????????D??????????T??????s????????s????X??????????????????????k?k?????????????????????????i???????????????????i???:???????????[???s??eF??????????????t???????????? ???????:?????:?:????????????????????X?????????????????????????????System32\drivers\partmgr.sys?????????????????????u??h???????????????????t???? ???? 8????@%SystemRoot%\system32\drivers\partmgr.sys,-101??????i?i?i?i?u?i?i??Network??????z??????????????????????@%SystemRoot%\system32\drivers\partmgr.sys,-100?????????????????????????????????t???Security Driver???????????????????????????????(??n??????p????????r???????r???o??Net??s???????????????s????:??i????????h?????system32\drivers\pciide.sys?\pciide.sys?ul???????????2?gus???????????????????????????????????????????????????????????????? ??[??????p?????N?????? ????D?\D???????i???????????u???????s????`??i?????????n??????8??i????????h?????????????????t????????????????????????????????????????????????????????????e???????????u???????????????????????????????i?????????n????IMServi
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                                                                      ?????7???????7???????????????g???????????6??sA???????????????????????????????????????????????????i????????????N??????3?????D?????????????r???????????????????????????????????r??of???????0?%????? ??????????????????????????????z?????#?????Root\*6TO4MP\0001???{4d36e972-e325-11ce-bfc1-08002be10318}??????tunnel???????????????8????cAD5??? l??????n?????ft%??????????????????????????????Adres sieciowy?1AF??{27209EDB-FC4E-4E07-A5E3-3D591C2E5C24}??????nettun.inf??????????????????????? ???????????????????????????????????,??is????N??????K?????Dic???????????????g??????????????*6to4mp??????????????D??k ??? ???????????????????3?0??????*?.??? ???????????Root\*6TO4MP\0001????????????????????????????D???0????????????4?? ?????????? ?????????????????????????????9????? ??????????? ?????9????? ??????????? ??????? ??????? ??? ??????? ???83???C?0?0????????????????????????????????????????9????? ??????????? ?????9????? ??????????? ??????? ??????? ??? ??????? ????????????????&???????????????????8???h???C???,???????????????????(??????P??
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                     ?????u??Tcpip???????????????? ???????????????????????|??? ?????????????i???????0????????????????????? ???????i???????????&?0????????????????????Net?????? P??????n??????????Net??-??192.168.137.1????????n??????????????n????????y???????????6???????i???????m???????n?????????P???????`?????????i????????????????????????????????`??i?????????e????Boot Bus Extender????????????????s???????T??????s???????????FltMgr??????????????????????????t???C:\ProgramData\Microsoft\MF??????s???s????<??j?????????e?????????????r?r?s???s???????????????????????????????????????u?u?u????????????????????????R??p????????h??????s?s?s??*6to4mp??e??????????????t???FltMgr???????i??????????????LegacyDriver?f???????j??????s???rpcss????????????????C??????????.i???????i??????p?????X??????????e???9?U?i?i????????????????? ???4??? $??i???y?????r?p??????????????????text?????????????????????????????????-??????1D????X??????&???&?????????????????????? ????_?????s39?????s?o???????????????????t??????? ????N??i????????D?????{8ECC055D-047F-11D1-A537-0000F8753E
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind                                                                                 ????????? ?????????????????????0?????????????????????????????????????????????1??11??????? ??p????A??????xB????4??????"??????02??Karta Microsoft 6to4 #112????????????F???????4??????????????????Microsoft???nettun.inf?B-4??? ?????????????????????0??L????????? ??????8A6??? ?????????????????????0????????????&????????????????????{??? ?????????????????????0????????????????????????????? ?????????????????????0?????????????????????????????????????C??}"???????????-??D7??nettun.inf?CE2??? ???????{?????CDD??6to4mp.ndi?35-??? ??????????????????6-21-2006???? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????7??7}??6to4mp.ndi?1E7???????????-??????9B??? ?????????????????????0????????????????????????????*6to4mp?????? ?????????????????????0?????????????????????????????????????}??"{???????????1??4F??Microsoft????????????"???????6??????-4??????????????????????????????#???????? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????4???"?
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route                                                                                ?????????????????????????0??????????*6to4mp?B2??? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????7??B5???????????3??}"??*6to4mp?A-??? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????B??"????????????0??0-??????2F??? ?????????????????????0????????????&????????????????????{??????????????? ?????????????????????0????????????????????? ?????????????????????0????????~????????????????????????????"??{0????~??????A??6B??nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp?647??????35???????????C???e??tunnel?}"???? *??????1?????039??Karta Microsoft 6to4?E??????????????????????????????????????????09??? ?????????????????????0??????????????????????????????????????????????????????F03FE1-3B14-??? ?????????????????????0????????*???????????? l??????7?????E6}??@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4????????????????????????????????D?????s-4??? ??????????????????8???????????`????????e?????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export                                                                               ????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????Root\*6TO4MP\0235???tunnel??????????????? ?????????????????????0????????????????????????????????????????????????????????????????????? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0??????????????????????0??????????u??????00??????????????????Microsoft???????????????#???? ???????j????????????????"?????X?)?`???????????????????????????????????????????????????Adres sieciowy???????? ?????????????? ???????????????????????????????????????????????????-????c55a???????????5???t??????????????????int??????????????????e??tunnel??{e????>??????0??????Sterownik karty Microsoft 6to4??????? ??????????????????????????????"??? ??????a-d??? ???????}???????m??tunnel??????? "?????????????????ndis5_ip6_tunnel?i???????????;??cr???????????????h??Typ?????*6to4mp?????????????????ROOT\*6TO4MP\0037??????????????????d?????????????y??????????? ?????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind                                                                                   ????????text?|????????????????????????N??????C???????????????y??????????????????system32\DRIVERS\JME.sys?????????????????p??ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)??????????????Net??e??Microsoft???????????????????tunnel??????????????????????Net??x???????????B??*6to4mp?02??????????????4????? ??s???????t???|???????????????????????s????????.?D3??Net??u???????????????????????????????????????????????????|???????????????|??????p????????????|??????????????????*6to4mp??n??????????????????????Net?Mi??text????????????tunnel?pip??Net?????Net?????11??????????????*6to4mp????????????????????????????????????nX???NDIS Usermode I/O Protocol??????? ???n???A?????}??????N??????u???????u???u???????????????????????????????o??Net??????????????????????????b???????????????????????j???????????e??????????????????????? B??|??????????????%SystemRoot%\System32\trkwks.dll?????|????V??|??????????????????SeRestorePrivilege?SeImpersonatePrivilege????????????????????????????????u?u?u?u?u?|?y?y?|?|?|?|????? ???????u?
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route                                                                                  ????????? ??^?????????????????????????????085???11??????? ??????? ?????a (??tunnel???????????????1???????s??????????????????????????????????????????????????????????????? ?????????????????????0??????????????????????????????????????*??????????????????????U??{4d36e972-e325-11ce-bfc1-08002be10318}?F-4??? ???????F??????in??????Po??czenie lokalne* 79??????????L???????????????????????????????????Sterownik karty Microsoft 6to4??????t ???????????b???????s??????? ?????????????????????0????????????&????????????????????_??????????????????????d???????????????????????????????????????@%SystemRoot%\system32\drivers\netbt.sys,-2?????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??? ?????????????????????????????????????????s???????????????????s??????????????,??????0?????e30??????HidUsb?-9A??????????????????????STORAGE\Volume???k??volsnap?????LegacyDriver??????X??????????d??Volume????????????????????????????????????????????????????X?????????????ms_pptpminiport?????@volume.inf,%msft%;Microsoft?????????????n??dr??????tunnel?????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export                                                                                 ?????u??????????????????tunnel??????? P??????????????????????2??????????*6to4mp??????????8???8??A6??????????????????????????????????????tunnel?F-F??*6to4mp???????????????X?????? ??????????????????????????? ???????n??????????????????????P????????p??User Mode Driver Frameworks Platform Driver?????????????tunnel???????????j?????????n????????????????????????? ???s???~???????.???.?????????????????????????????????n????11?11.??*6to4mp?????? *??~???????????s??*6to4mp?????Net??????????????1??85??85??? ???????n??????????????????????P???????s?????`??????????????????????B???????????y??t?????????????????????????X??????a???t????*??|???T????????????????????X??????y???t??? ???????}???????????u??????????????&???????????????????????%SystemRoot%\system32\wbem\WMIsvc.dll???????? ??????????????t?????????????????????????????????????????H??u????????h???????`?????????????? ???????n???????????u??????????X?????????????????????????????????????????????????P??u????????h?????\SystemRoot\system32\DRIVERS\rdpbus.sys?????RDPCDD????????X??u?
Reg    HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind                                                                                     ?????u??%SystemRoot%\System32\alg.exe????o????8??o???????????????????????????????????????o??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege????????,??o???????????????????????????????????????o??? ???????n???????????j??????????R???????????????????????.?????????????????????????????????????????????????????????:??????????????????&???o???????????????????????????&???o???????????????????????????&???o???????????????????????????p?q????? ???????n???????????j??????????R???????????????????????.???????????????????????????????????????????????????????????????????????????????????????????????.????????????????????????????????????????????????????????????????????????????????????&???o??????????????????????????? ???????o?????o?????j?????????????? ????????????????o???????????r??*6to4mp??????????????{?|e??????o?????o????????????????????????????????????????N??o????????h?????\SystemRoot\system32\DRIVERS\amdk8.sys????????0??o?????????e????AMD K8 Processor Driver??????????o??????p???Extended Base??
Reg    HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route                                                                                    ????????HidUsb??????????g???????????????????????????s ????X??????????????????????????????E???????-??? ???????B??????n7???????????8???e???e??? ??????????????????? ???????????????????j??????????`????????e??? ??????????????????????????????????????0-???????????F????cFFF??????????????????????????????B6??? ??????????????????????????????????'????????????????????}??? ?????????????????????0????????????&???????????????????????????????? ??<???????????????*6to4mp?nf????N??????8????D?????*6to4mp?FA???????????7???e????>??????6??????? ?????????????????????0??????*?.??? ???????????????????????????????d&??? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????????????E??5D??t???? ???????Z?????????????0????????????&???????????????????????int? ????????????????????????????????????????????2???5???????????F??C7??????????FA??????#?????*??????i????d?? ??? ??????????????????????????????????????????????????????????????? P?????????????????Ka??? ??????????????????????????????`????????e?
Reg    HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export                                                                                   ?????u??????text?p???????j???????1?????k????? ???????k?????k???????0????????????????????????????tunnel?A-4??? ???????k???????????h?0????????$???????????@netrasa.inf,%mp-ip-dispname%;WAN Miniport (IP)????????k????? ???????k?????k???????0????????????????????? ???????k???????????h?0?????????????????????????m???????????????????????T??????s??????????????????k????? ???????k?????k???????0????????????????????6.1.7600.16385???2??????????????? ???????k???????????h?0????????????????????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?????????k????? ???????k?????k???????0????????????????????? ???????k???????????h?0?????????????????????????????3???????????????????????j?k?????k?l?k?????????k????? ???????k?????k???????0????????????????????? ???????k???????????h?0?????????????????????????T??????? ??????????????pl?????????????????????????k????? ???????k?????k???????0???????????????????????k???k???k???k???k???k???k???k???k????????????? ???????k???????????h?0??????????????????????X??????3?????????k????? ???????k?????k???????0???????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind                                                                                  ????????????????????????????t????????????????????t?t?n????????????????????????N??n????????h?????\SystemRoot\system32\DRIVERS\msdsm.sys?-Pa??4304?????n????(??n??????p???System Bus Extender??????????????????n??????????????? ??????????????????????????????????? ?????????????????????????????j???j???n???n???n???n?n?n?n??elxstor.inf_amd64_neutral_4263942b9dfe9077??????? ???????n???????????j??????????8?v?????????11???|?????????????????e???????????????????e?????????????????????n??? ?????????????????????????????????????????????????????????????h???????????????????????????????????????????x????system32\DRIVERS\ETD.sys??????8??n????????h???????P??t???+?????e?+???????????????????????????????B???????????????e????X??????&???t????D??p???????????e????,??????????????????????n????????????????L??p??????????????????FSFilter Infrastructure?????????? .?Ad??.NTAMD64?w?????n???n???n??086&??? ???????n?????n???????0????????????&???????????????????????? ???????n?????n???????0????????????????????? ???????n???????????m?0???????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route                                                                                 ????????????????????????????????????t ??????????????????'???????Typ???????N??????c???????????i??? ???????s???????????????????????e??? ?????????????????????0????????????????????????????????????????text??????????????????????????????????z??????1??????????wpdbusenum\fs??ge\??? ???????????????????????????i???????????????i???????????5?????e1E???????????k??????????????????????so??????????????????\\?\Root#*6TO4MP#0378#{cac88484-7515-4c03-82e6-71a87abac361}?????????????????e??6-21-2006?????????????????????????`?????????????????????*6to4mp??t???????????????????????????????????????????j???????????e??????????????????????? ????????????????????????????????????????????s-8E??6.1.7600.16385?E82??? ???????????????????????????????????????f??? ?????????????????????0??L????????? ??????"{B????*?????????????? ?????????????????????0????????????????????? ?????????????????????0????????*???????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????vi??? ?
Reg    HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export                                                                                ?????u????6??r????????h?????????????tunnel?A}"???????????????????????????f??????????????????????? ???????o?????o?????o?????????????? ???????????? ???????o???????????o???????????????????????????o???????????r??/MAXTAGS=64????????o0???? ???????o???????????o????????????????????????????????????5????????o???o????? ???????n?????o????????????????????????????? ???????n???????????o??????????N???????8???????????????t??????o???o????? ??????????????????? ???????o?????????????????????????????????????o???o????? ???????n?????o?????o????????$?Z??????????c????%systemroot%\system32\svchost.exe -k netsvcs????@%SystemRoot%\system32\aelupsvc.dll,-2??????? ???o???????????????????????????????????o?o?o??@%SystemRoot%\system32\aelupsvc.dll,-1????????Z??o????????h???????N??o?????????n????localSystem????????o???o??????N??o?????????e????????????????t??????????????????????????????????????? ?????????????N??o??????????????????SeTcbPrivilege?SeImpersonatePrivilege????????o?o?o?o?o?o?o?o?o????,?????????????????NDIS?7??? ???????o???????????h?
Reg    HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind        ???.?8??????0???????????????????1???????????????wpdfs.inf???????????????????????????????1.0 1.0 1.0?????pci???????P??.??????????????????MEDIA????????!???????????????????/?/?/??PCI\VEN_8086&DEV_2D01&SUBSYS_80868086&REV_02?PCI\VEN_8086&DEV_2D01&SUBSYS_80868086?PCI\VEN_8086&DEV_2D01&CC_060000?PCI\VEN_8086&DEV_2D01&CC_0600????{00000000-0000-0000-ffff-ffffffffffff}?fff???3?4???????6?????.??? ???????.?????????????0????????????????????? ???????&?????.?????/?/?.??????0???????????????? .??.?????????6?6???.??? ???????.?????????????0????????????????????? ???????.?????????????0?????????????????????????????????????????5??? ???????-?????4?? ??:????"????????????.?.???????????.???.????????????????N??.????????Dvro???.??? ???????,?????0??????????j????????????E?????????????????????????????????????????????m??*PNP0A03?????/?/00??????PCI\VEN_8086&DEV_2D01&REV_02?PCI\VEN_8086&DEV_2D01?PCI\VEN_8086&CC_060000?PCI\VEN_8086&CC_0600?PCI\VEN_8086?PCI\CC_060000?PCI\CC_0600??A&C????N??.??? ?????D????? ~??7???????????????6?6?????.?8A???{00
Reg    HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route       ???.?.???.??PCI\VEN_8086&DEV_2D12&REV_02?PCI\VEN_8086&DEV_2D12?PCI\VEN_8086&CC_060000?PCI\VEN_8086&CC_0600?PCI\VEN_8086?PCI\CC_060000?PCI\CC_0600???????H???????????????????????????????????????????????????????????s??????????????????????????????g????i8042prt????\SystemRoot\system32\DRIVERS\lsi_fc.sys?????? ???.??????????se???.?.?????.??????????PCI\VEN_8086&DEV_2D13&SUBSYS_80868086&REV_02?PCI\VEN_8086&DEV_2D13&SUBSYS_80868086?PCI\VEN_8086&DEV_2D13&CC_060000?PCI\VEN_8086&DEV_2D13&CC_0600??????N??.???????????????3?3?.???.??System??????????????? ??????????`????1??????V_?????? ????????????.??\SystemRoot\system32\DRIVERS\MegaSR.sys?cy???????????????????????????????????.???.??PCI\VEN_8086&DEV_2D13&REV_02?PCI\VEN_8086&DEV_2D13?PCI\VEN_8086&CC_060000?PCI\VEN_8086&CC_0600?PCI\VEN_8086?PCI\CC_060000?PCI\CC_0600???????? x??.???????????????3?3?.???.???.???.??? ???????,?????2?????.????????????3? ???????I???????????????????????\SystemRoot\system32\DRIVERS\lsi_sas.sys?????????????????????????4?????.?????U?U????? ???????.?????
Reg    HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export      ????????Net???????2??s????????h?????????????????Net??????????????????e??????????????de????????????????????????????????????8??r????????h?????????????????????????????@%systemroot%\system32\drivers\mup.sys,-101???????2??n????????h??????????r???????????????o??Net??:???u????????????N??s?????????n?????????r???????p??????????????????????????f????????t??????????????t???megasr.inf_amd64_neutral_30b367f92ca46598????n?m?j????J??s???h?????e????????????? ???????????i??????????????????????????????int??i???????s??{8ECC055D-047F-11D1-A537-0000F8753ED1}?riv????N???????????D??????e?i?i?i?i?i?i???????A???????e??kbdclass?????????????????j??????????int??????????????k?k?????????????F??????or???????i?????????????????????????s??????X??k????????????*??i??????????????????? l??j???N??????? ???????????c??tc???????????????r???????????????e??????es??????????WUDFRd???????????????i??????t????????j??????????aswSnx???????????????????????????;$???????N??????3???????????????2????????????????????X??j???&???&???????????j??????}???Volume?????????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                                                                ?????????i??????????????????{71a27cdd-812a-11d0-bec7-08002be2092f}?600????:??k?????g??????N??k????????D??????i???????????????????????d?f?i?i?????????????????0?????s86???o???????i???????i???3??s}???????????i???????????????4?????s? ???i????????????X??k???????0???????????????????????????4?????????????????s????? "??i???????????????  ??j?????????????????i?r???????????????e???????u???????????????????????h?i?i?i????sC???????e???n???e????N??i???0????D000???????i???b??sC??WUDFRd?d?d??PEAUTH?11D??{8ECC055D-047F-11D1-A537-0000F8753ED1}??&????????????E??t-???????????o???????????????i?????????????????????????s?????i???????????????n??Typ?????????????????????????????????????????????Microsoft???Network?????11???????i???????#??volsnap??????i???p?p?p??LegacyDriver??????????????????????????N??j???t????D??0??Extended base????g?g?i?i?i?i?i???????&????*??i??? ?????????n?????????s????4??j????????h??????????{??Microsoft????i???????????????????????????i????:????????g?????i???????????????????????  ?????????????????{8ECC055D-047F-11D1
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                                                               ?????r???????[??????l_intl.nls??????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[???????????\?\?[???????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[???????????????????????????[??????????l_intl.nls???????????[???????????????????????e?fS???l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[???????????\?\?\???????[??????????l_intl.nls???????????[??????????l_intl.nls??????l_intl.nls??????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[???????????????????????????[??????????l_intl.nls???????????[??????D???????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????????????????[??????????l_intl.nls???????????[??????????????????????l_i
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                                              ??????????>??p???A???????????p?????p????? ???????j???????????j???????? ?@????????????y??%SystemRoot%\ehome\ehepgres.dll?????%SystemRoot%\ehome\ehRecvr.exe??pc??? ???????p?????p?????j?????????????? ?????????????(??p??????????? ???????p???????????n????????????????????????????*??p??????e?????.??p???????t?????p?????p???p??????????????? ???????n???????????p??????????P?t?????????%systemroot%\system32\esentprf.dll???????????p?????????e????esentprf.ini????? ?????????????????????????????3????@comres.dll,-2451???? 4??p??????????????NT AUTHORITY\LocalService???????????????????????????????????t????????????e??tB?????? ????????????????n???????????e????,??p??????????????? ???????n?????p??????????????????u?????T???? ???????p???????????p??????????F??????????e??????????????????????????`??p??????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege???????p?p?p?p?p?p?p?p?p?p?p??????????????????????????? :??p??????????????%systemroot%\system32\es.dll????????????????????????????????B??????g????Net??????????????o?p?p?|???????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                                                           ?????n??Volume??????LegacyDriver?????i??????De???????i???:???:???????????????????i???????????????????????  ??i??????????????STORAGE\Volume???????????????????????????????i???????????g?i?i?i?????4???i???????????i?i?i???????????&?????s63??RasSstp??0???????s??USB??????????i??????s????? ??8???1???e??LegacyDriver????STORAGE\Volume???????????g???????e?????????????g?????k?k????mrxsmb??????????s?????N??k?????????D??????X??k?????????????????????????s??????N??i?????????D????{00000000-0000-0000-0000-000000000000}?????????????????????s??????N??i???????????????????i??????????? ???????j?????i?????i???????????????????????????????????C???&???i?i?j??? ???????i??????????????????????N????????????i?i?i?i?????????i???i?j?i???????????3??s3?????i?&???????i???-??sb??ATA Channel 0????i?i?i???????h???C???????????????????????i????????????????????????????"??i???B??????compositebus.inf??????(??i???i??????CompositeBus_Device??-???????????????3???????????3???3??????? ???i???????????????????????????????????i????????????s??????i?i?i???????i?
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                                                                          ?????s??????9???????????????????????????3???????????????5???????????????d???????????????????????????b???????????????6????????????????/???6??????????c???????????????2????????????[?[?[?[?[?[?[??????f???????????????5???????????????5???????????????1????????????[??????5???????????????5???????????????2???????????System?753?????[????????1???????????????1????????????h???d??????1???????????????1????????????\?\?[???[??????2???????????????2???????????????5???????????????f???????????????f???????????NDIS?0??????2???????????????2???????????????1???????????HDAudBus?-???????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????? ??[???????????e???? ??[???????t???? ??[???????????????e???????[???????????????k??????1???????????????1???????????????f???????????????f???????????????f???????????????f???????????????????????????3???????????????3???????????4&a967c5d&0??6??????f???????????????f???????????????f???????????????f??????????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                                         ?????????????????????????????n???F???????N??kbd101.dll???????s?s?s???s???????n???????????R???????n??????????????????????PCAT_101KEY??????????????????e??????????????????????????????????????????????????????t?????????????????????s??????????????????????????????????????????????????????????n???????????????????s?n?n????????????????????????R??n????????h?????\SystemRoot\system32\drivers\iaStorV.sys? ???????p???s?s?s???n???????n??????p???SCSI Miniport?????V??????????????d???????????!???e?????????????g????BFE?????????oo??????????????t?????????????????????????????????????????N??n????????h??????n??\SystemRoot\system32\DRIVERS\HpSAMD.sys?iv??SCSI Miniport?????T??n???????????d??hpsamd.inf_amd64_neutral_f4d0397ad0d9b1cc???Net?????Keyboard Port????????????s??????????tunnel?4F-???????????????u???o?r?????????????????????s???n??????????????\SystemRoot\system32\DRIVERS\iirsp.sys???3???????n??????p???SCSI Miniport?????R??n???????????d??iirsp.inf_amd64_neutral_25c14d33af7f54f1?????n?n?n?n?n?n?n??Tcpip?????????(??n??????p???System 
Reg    HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind                                                                                     ???s?o???????????????????t??????? ????N??i????????D?????{8ECC055D-047F-11D1-A537-0000F8753ED1}???4???????????????????????????4??????? ???T?i?i?i?????????????????v?????????????? ????h?????s?4????.??????'???t??Net??????????&???????????4??s?????X??j?????????????????????????????????i?&???????????????????????o?????svr???????????????h???????????????i??????????????????? ???????????????s??????st???????j???4???????????????????s??????6???? ???????j?????i?????i??????????????????????????????????????????????? ???????i???????????i??????????N??????????????? ????4?????s????LegacyDriver????? l??l???4???????????????[???s??ep??mrxsmb??????????ur???????????????3?????????????????s????KSecPkg??3????P??i?????????e????Net???????????????N??i???????????????????????5???????????|???????i???5??s????e?f?i?i????sf???i?i?????????s??????????????????text?s???????i???E??s6???????????4???????4??????vr???????&???????????2??sf???????????????h??????s?????z????????g????????????????@%???i?i??????2?????????????????????????????????????????co???i?i?-?
Reg    HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route                                                                                    ????????????????????????????????????????????????????????t????????????????????????????p?s?????????s????$????????????????????????????????????????????????g????????tunnel?0?n??Microsoft????????n???e???????????????u?????????d????? ??????????????????????????????????????????? ???????p???????????j????>?????d???????g???C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL???? ??e???????????????? ???j????????????????????????????????????d?????????????????????????????????? ???????????????????j???????? ?d????????????????????s??C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL?????????????????????????d??????_??????????????????? ???????p???????????n????8?????d???????????C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL???? ??d???????????????? ???m???.????????????????????????????????d??????????????????????????p??????? ???????????????????j???????? ?d???????????????????????C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL???????????????????????????????tunnel??????????????? ?????????????????????0????????????????????*6to4mp?????\De
Reg    HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export                                                                                   ????????????????????????????????????????t????????????????????????????p?s?????????s????$????????????????????????????????????????????????g????????tunnel?0?n??Microsoft????????n???e???????????????u?????????d????? ??????????????????????????????????????????? ???????p???????????j????>?????d???????g???C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL???? ??e???????????????? ???j????????????????????????????????????d?????????????????????????????????? ???????????????????j???????? ?d????????????????????s??C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL?????????????????????????d??????_??????????????????? ???????p???????????n????8?????d???????????C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL???? ??d???????????????? ???m???.????????????????????????????????d??????????????????????????p??????? ???????????????????j???????? ?d???????????????????????C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL???????????????????????????????tunnel??????????????? ?????????????????????0????????????????????*6to4mp?????\Device\RasPppoe_{D
Reg    HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind                                                                                       ???s?i??????????????????????LegacyDriver?0???????i??????????????????????.NT?? ?????? ???????????????srvnet?0?&??.NT??????i?i6.??????????????*p???i?i?????????0???????i???5???????????1???????????s??????i.???????i???4??se???????????????????e?i?j?j?j?j?j???????????????????i?i?1??COMPBATT_Inst????i?i10???i??????????????????????????????????FSFilter Virtualization??????????p??*6to4mp??y??t???11???????????s???????????0??0????????i???????2???????g???????????e??????????????t?????P??i?????????e?????????s??\Device\{D39B7F8B-A662-4FC7-A6E3-0FAFBBEBD066}?\Device\{BEFE4037-3123-49C4-B1AF-8C7EF1AD5639}??39}???i?i?i??????? ???????n???????? ??????????? ????????S????luafv???????????????????2????????i????????h??????????i????????????????0??t??????e???LocalSystem??????????i?????????n????????????????????C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe??????? ???i???????????????????i???????4???4??Allows applications to access the local Intel(R) Management and Security Application using its locally-avai
Reg    HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route                                                                                      ??????????2???????????h??????????????|??????????????????????t???????t???????????????*6to4mp??B??????????????????????tunnel?00-??6.1.7600.16385??????Microsoft????????????B???????????????????"??????????????????????????????????*6to4mp??????????????o????????aS A??192.168.1.254???????home?5???????(???????????????????????????????????n??Net???????N?????????????????????????????????????????????????????*6to4mp?????6.1.7600.16385??????? ????????????????????????????$?N?h?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0104?fi??{A3FC72FF-B625-4273-920E-DA390AFB17C4}???l???????????y???????s??????? ????????????????????????????????????????????s03C????:??????4?g??????N??????c???????????????????????????????????????? ??????????e??????????????????????????????????t???????????{4d36e972-e325-11ce-bfc1-08002be10318}??????????????*6to4mp?????*6to4mp?10???????????????????????????s??????st??? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????4???????????????????????e??13??13?????????
Reg    HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export                                                                                     ?????????????????????????????????t??????????????????*6to4mp??B???????????????????????????????????????c????????????????(????????????n????????????????????????????????????????????????????????????????????text?e????????????????????????^????????????n????????????????????????????????????????????????????????????????????WAN Miniport (IKEv2)?????????????????????????????????????V??e0??Net?????????????????????????????????????????????????????????????????????????19??????????????????????????????????????????????????????????????????????????????????????????????????????Net?????*6to4mp?7????????????s??????ol???????????????????????????????4??192.168.1.254??n??????<????????????$??????????????????????????????????2???????????h??????????????|??????????????????????t???????t???????????????*6to4mp??B??????????????????????tunnel?00-??6.1.7600.16385??????Microsoft????????????B???????????????????"??????????????????????????????????*6to4mp??????????????o????????aS A??192.168.1.254???????home?5???????(???????????????????????????????????n??Net
Reg    HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind                                                                                         ???`?????????i????????????????????????????????`??i?????????e????Boot Bus Extender????????????????s???????T??????s???????????FltMgr??????????????????????????t???C:\ProgramData\Microsoft\MF??????s???s????<??j?????????e?????????????r?r?s???s???????????????????????????????????????u?u?u????????????????????????R??p????????h??????s?s?s??*6to4mp??e??????????????t???FltMgr???????i??????????????LegacyDriver?f???????j??????s???rpcss????????????????C??????????.i???????i??????p?????X??????????e???9?U?i?i????????????????? ???4??? $??i???y?????r?p??????????????????text?????????????????????????????????-??????1D????X??????&???&?????????????????????? ????_?????s39?????s?o???????????????????t??????? ????N??i????????D?????{8ECC055D-047F-11D1-A537-0000F8753ED1}???4???????????????????????????4??????? ???T?i?i?i?????????????????v?????????????? ????h?????s?4????.??????'???t??Net??????????&???????????4??s?????X??j?????????????????????????????????i?&???????????????????????o?????svr???????????????h???????????????i??????????????????? ?
Reg    HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route                                                                                        ???i?r???????????????e???????u???????????????????????h?i?i?i????sC???????e???n???e????N??i???0????D000???????i???b??sC??WUDFRd?d?d??PEAUTH?11D??{8ECC055D-047F-11D1-A537-0000F8753ED1}??&????????????E??t-???????????o???????????????i?????????????????????????s?????i???????????????n??Typ?????????????????????????????????????????????Microsoft???Network?????11???????i???????#??volsnap??????i???p?p?p??LegacyDriver??????????????????????????N??j???t????D??0??Extended base????g?g?i?i?i?i?i???????&????*??i??? ?????????n?????????s????4??j????????h??????????{??Microsoft????i???????????????????????????i????:????????g?????i???????????????????????  ?????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}???????T?f?i?i?i?i?h???????i???????????i???????????j?j?1???????????????i???C??????{8ECC055D-047F-11D1-A537-0000F8753ED1}?-A5???????????????1???????j???t?t?t??????????????????LegacyDriver????WimFltr??????j?j?j????????????N??i????????D?N???ms_ndiswanbh?????????????i???????z???????i???i?j?1???????2??? 0??i???3??????????RPCSS??????
Reg    HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export                                                                                       ???y?????????u???n???e??Net?????11??????????e????????????y??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|???6-21-2006???v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|????????y??????????????????e????????z???????????????????????????z????????????????????????N??????y????D??u??oem7.inf?n????????????^??{???|??????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|??????!???z????????????????????e??????"???z???;?????????????????;?;???????z???????????????????e???????????????j??*6to4mp??B??v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=
Reg    HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind                                                                                      ???i?i???????????i??? ???????t???????????i?:????????????,??????????????????????? ???RPCSS???????@%SystemRoot%\system32\drivers\netbt.sys,-2?????File system?????Net??u????"??i??????p?????2??j????????h?????????????????????????t????????????????????????? ??[??????p????????i??????????aswMonFlt????????i???????s??tcpip?????????????????????????????????????????????V??n?????????e?????????i??????s???system32\drivers\nsiproxy.sys???s?????????????^??i?????????e????????????????t??????????????g?????i?i?i?i?i???j?j? ??@%SystemRoot%\system32\drivers\nsiproxy.sys,-2????????$??i??????p?????B??s?????????e????Boot File System??????????????????????<??i????????h??????????????????????????i?i?i???????U??????????????????PNP_TDI??????????????????u??Tcpip???????????????? ???????????????????????|??? ?????????????i???????0????????????????????? ???????i???????????&?0????????????????????Net?????? P??????n??????????Net??-??192.168.137.1????????n??????????????n????????y???????????6???????i???????m???????n?????????P???????`?????????i?????????
Reg    HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route                                                                                     ???i??????????$??i??????p???Boot Bus Extender?????P??????????????d???i?i?i?i?i?if7????\??t?????????e????????????????????????tunnel?385????????????????????????8??i????????h??????????????????????|?|?s??????@???? ?g?5??????????????????? ????????????????????"??i?????????n????????????????????SCSI Miniport????????i??????p???system32\DRIVERS\msisadrv.sys???????????????????NDIS Proxy??????system32\DRIVERS\mrxsmb10.sys????i?i?i?i?i???i??????????????????????????????????system32\DRIVERS\mrxsmb20.sys???????????????t???File system?????Net??e??@%systemroot%\system32\wkssvc.dll,-1004??????????????????????????????????????????????????????????????????o?o?o??system32\DRIVERS\mrxsmb.sys???????<??i????????h??????????????????????????????????u??????????@%systemroot%\system32\wkssvc.dll,-1005?????????????????????GroupServiceMain??????$??i??????p???Net??j??Boot Bus Extender???????????????t????????r???o??????@%systemroot%\system32\wkssvc.dll,-1006????????????????g????????????????????@%systemroot%\system32\wkssvc.dll,-1007?????system3
Reg    HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export                                                                                    ???n????Sterownik stacji dysk?w CD-ROM??1?????"??j??????p?????$??j????????h?????????????????t?????????????????s??????????n??????????????????????????????????t???System32\Drivers\cng.sys????gendisk?????????????????????tunnel????????2??j????????h??????????o???r??????????LocalSystem?????????????????????????@%systemroot%\system32\drivers\dfsc.sys,-101????TCP/IP Registry Compatibility????j??????????????????????????t?????????????????????????????????????????P??j????????h?????\SystemRoot\system32\DRIVERS\amdide.sys???????(??j??????p???System Bus Extender???????R??j???????????d??mshdc.inf_amd64_neutral_a69a58a4286f0b22?????j?j?j?j?j?j????????????????t????????????????????q?q?j????????????????????????R??j????????h?????????????????????\SystemRoot\system32\drivers\amdsata.sys?.???????p???????j??????p???SCSI miniport?????V??????????????d???j?j?j?j?j?j?j???????????????e????????????????????????????????????????????????????????P??j??????????????\SystemRoot\system32\DRIVERS\amdsbs.sys??.???????j??????????SCSI Miniport?????T??j?

---- Files - GMER 2.1 ----

File   C:\ADSM_PData_0150                                                                                                                          0 bytes
File   C:\ADSM_PData_0150\DB                                                                                                                       0 bytes
File   C:\ADSM_PData_0150\DB\SI.db                                                                                                                 624 bytes
File   C:\ADSM_PData_0150\DB\UL.db                                                                                                                 16 bytes
File   C:\ADSM_PData_0150\DB\VL.db                                                                                                                 16 bytes
File   C:\ADSM_PData_0150\DB\WAL.db                                                                                                                2048 bytes
File   C:\ADSM_PData_0150\DragWait.exe                                                                                                             315392 bytes executable
File   C:\ADSM_PData_0150\_avt                                                                                                                     512 bytes

---- EOF - GMER 2.1 ----