GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-13 09:47:50
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST964032 rev.0001 596,17GB
Running: yim5n6od.exe; Driver: C:\Users\user\AppData\Local\Temp\kftcaaob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000075881465 2 bytes [88, 75]
.text   C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000758814bb 2 bytes [88, 75]
.text   ...                                                                                                                                         * 2
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000075881465 2 bytes [88, 75]
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000758814bb 2 bytes [88, 75]
.text   ...                                                                                                                                         * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1892:5348]                                                                                                 000007fef9c256f8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind    ????oo??????????????t?????????????????????????????????????????N??n????????h??????n??\SystemRoot\system32\DRIVERS\HpSAMD.sys?iv??SCSI Miniport?????T??n???????????d??hpsamd.inf_amd64_neutral_f4d0397ad0d9b1cc???Net?????Keyboard Port????????????s??????????*6to4mp??????????????????u???o?r?????????????????????s???n??????????????\SystemRoot\system32\DRIVERS\iirsp.sys???3???????n??????p???SCSI Miniport?????R??n???????????d??iirsp.inf_amd64_neutral_25c14d33af7f54f1?????n?n?n?n?n?n?n??Tcpip?????????(??n??????p???System Bus Extender???????R??n???????????d??mshdc.inf_amd64_neutral_a69a58a4286f0b22?????n?n?n?n?n?n?s???????????????n???????/??????????????????????????????????tunnel????????????+??.??????????????system32\DRIVERS\AgileVpn.sys???tunnel??????????????????????????????????????????????? ???????.??LegacyDriver??????<??n????????h??????????q??? D??o???????????????????????u??????????????????t?????\??????2?????e-9????????????6??o????????h???????????????????????*??t?????????e?????????????B???????????????????????B?????????
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route   ?????????t??? ??????????????????????????????????????{D??{4d36e972-e325-11ce-bfc1-08002be10318}\0044?76???????????s????c-B5???????????1??????? ???????U????????????????N?????$???<???????????????????????????????31????$??????4??????????? ??????????????????????????????????'????????????????????}??? ???????t??????IS??????????????????? ???????4?????-76???????????b?????efc??Adres sieciowy?b_T???????????????t??? ??????????????????????????????????????06??????\\?\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTI&PROD_FLASH_READER&REV_1.00#058F0O1111B1&0##{6bdd1fc6-810f-11d0-bec7-08002be2092f}??.???????????????????????????????????? ????????????????????????????????????#?????WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTI&PROD_FLASH_READER&REV_1.00#058F0O1111B1&0#?????????????????????#???\\?\WpdBusEnumRoot#UMB#2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTI&PROD_FLASH_READER&REV_1.00#058F0O1111B1&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}??????????? ?????????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export  ?????u????H??u???????????????)??H?????????????????????????????????????????X??????y????????X??????????t???u??6-21-2006????? ??d???9???????u???~?~?~???????????s??NF???u??????????????????????????????????????????????.i???u?????u?????????????u??????????H????????????????????????????????????~??Net?????Net??s??? ???????u?????u?????u????????*????? ???????????????????????????????si??? ???????u?????r??????????L?????????????????? ???????u?????u??????????V?????????&???????????????????????? ???????u??????????????????????????+?????????????????????????????&??u???=????????X???????????????????????`?????????????????????? ???????|???????????g?:??????????8?&????????????????????U??tunnel??????????????????????????????????*6to4mp??????????u????V??u???????????d??? ???????|???????????m?:????????????&??????????????????????????????????????e????? ???????|???????????o?:????????????&????????????????????????u????X??????u???t??????19???????????M?????eft??????????? ???????u?????r??????????L?????????????????????????????????? ???s??????????d??
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                                                            ????????????????4&300d6352&0?????????????????8??????s???Typ?????? ???????t?????s?????t????????*????? ???????????????????????????????? ???????{?????????????9??????4?????&????????????????????????5???t??? ???????n?????t?????t????????$?????????????? 4??t??????????????NT Authority\LocalService???????????????????????????????????t??????? ?????????????,??t???????????????????t???????????e??????????????????????? B??t???????????????t???????t??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege???????????????????????????????i?s?t?t?t?t?t?t?t?t?t?t????%SystemRoot%\system32\mpssvc.dll????Tcpip???????@%SystemRoot%\system32\FirewallAPI.dll,-23090???NetworkProvider???????v??t????????h?????%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork????????\??t?????????n????@%SystemRoot%\system32\FirewallAPI.dll,-23091???????? ???????t?????t?????i????????,?B??? ????????????????????????????????????????????????????????t?t?t?
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                                                           ??????????????????????~??????A??????*6to4mp??2????N????????????De\??? ???{???A?????eA-???????????????????????w??Karta Microsoft 6to4 #19??????2??????C??????56???????????????????????????????????????????????????i??\T??@nettun.inf,%msft%;Microsoft?8???????????????????????????????????????????????$???????????????????????????????$??????????????????????????????@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4???{4d36e972-e325-11ce-bfc1-08002be10318}???i????N???????????D?????tunnel?404????????????????????????????????.??????6??4?????????????N??????c??????????? ????????????????????????"?????l???????e9??Net??????????????C??????????? ?????????????????????0????????????&????????????????????m??? ?????????????????????0????????????????????? ???????????????????B?0????????????????????? ?????????????????????0????????????????????? ???????????????????T?0????????????????????? ?????????????????????0????????????????????6.1.7600.16385??????? ???????????????????T?0????????*???????????nettun.inf??????????????????????????????? ?????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                                          ?????u???????????????????????h?i?i?i????sC???????e???n???e???????????????????????????i???b??sC??WUDFRd?d?d??srvnet?0?&????N??????0????D000??? ???i???????????????i???????i???9???e???????????o???????????????i?????????????????????????s?????i???????????????n??Typ?????????????????????????????????????????????Microsoft???Network?????11???????i???????#??volsnap??????i???p?p?p??LegacyDriver??????????????????????????N??j???t????D??0??Extended base????g?g?i?i?i?i?i???????&????*??i??? ?????????n?????????s????4??j????????h??????????{??Microsoft????i???????????????????????????i????:????????g?????i???????????????????????  ?????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}???????T?f?i?i?i?i?h???????i???????????i???????????j?j?1???????????????i???C??????{8ECC055D-047F-11D1-A537-0000F8753ED1}?-A5???????????????1???????j???t?t?t??????????????????LegacyDriver????WimFltr??????j?j?j????????????N??i????????D?N???ms_ndiswanbh?????????????i???????z???????i???i?j?1???????2??? 0??i???3??????????RPCSS??????????????????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                                                                       ?????u??LegacyDriver??????N??j????????D??????????T??????s????????s????X??????????????????????k?k?????????????????????????i???????????????????i???:???????????[???s??eF??????????????t???????????? ???????:?????:?:????????????????????Z?????????????????????????????System32\drivers\partmgr.sys?????????????????????u??h???????????????????t???? ???? 8????@%SystemRoot%\system32\drivers\partmgr.sys,-101??????i?i?i?i?u?i?i??Network??????z??????????????????????@%SystemRoot%\system32\drivers\partmgr.sys,-100?????????????????????????????????t???Security Driver???????????????????????????????(??n??????p????????r???????r???o??Net??s???????????????s????:??i????????h?????system32\drivers\pciide.sys?\pciide.sys?ul???????????2?gus???????????????????????????????????????????????????????????????? ??[??????p?????N?????? ????D?\D???????i???????????u???????s????`??i?????????n??????8??i????????h?????????????????t????????????????????????????????????????????????????????????e???????????????????????????????????????i?????????n????IMServiceMa
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                                                                      ?????7???????7???????????????g???????????6??sA???????????????????????????????????????????????????i???????????????????-?????sB2???????????r???????????????????????????????????r??of???????0?%????? ??????????????????????????????z?????#?????Root\*6TO4MP\0001???{4d36e972-e325-11ce-bfc1-08002be10318}??????tunnel???????????????8????cAD5????N??????K?????Dic??????????????????????????????Adres sieciowy?1AF??{27209EDB-FC4E-4E07-A5E3-3D591C2E5C24}??????nettun.inf??????????????????????? ???????????????????????????????????,??is???????????r?????sIS???????????????g??????????????*6to4mp??????????????D??k ??? ???????????????????3?0??????*?.??? ???????????Root\*6TO4MP\0001????????????????????????????D???0????????????4?? ?????????? ?????????????????????????????9????? ??????????? ?????9????? ??????????? ??????? ??????? ??? ??????? ???83???C?0?0????????????????????????????????????????9????? ??????????? ?????9????? ??????????? ??????? ??????? ??? ??????? ????????????????&???????????????????8???h??system32\drivers\WudfPf.sys????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                     ?????u??Tcpip???????????????? ???????????????????????|??? ?????????????i???????0????????????????????? ???????i???????????&?0????????????????????Net?????? P??????n??????????Net?????192.168.137.1????????n??????????????n????????y???????????6???????i???????m???????n?????????P???????`?????????i????????????????????????????????`??i?????????e????Boot Bus Extender????????????????s???????T??????s???????????FltMgr??????????????????????????t???C:\ProgramData\Microsoft\MF??????s???s????<??j?????????e?????????????r?r?s???s???????????????????????????????????????u?u?u????????????????????????R??p????????h??????s?s?s??tunnel?96-??????????????t???tunnel?65A???i??????????????LegacyDriver?f???????j??????s???rpcss????????????????C??????????.i???????i??????p?????X??????????e???9?U?i?i????????????????? ???4??? $??i???y?????r?p??????????????????text?????????????????????????????????-??????1D????X??????&???&?????????????????????? ????_?????s39???????o???????????????????t??????? ????N??i????????D?????{8ECC055D-047F-11D1-A537-0000F8753E
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind                                                                                 ????????? ?????????????????????0?????????????????????????????????????????????1??11??????? ??p????A??????xB????4??????"??????02??Karta Microsoft 6to4 #112????????????F???????4??????????????????Microsoft???nettun.inf?B-4??? ?????????????????????0??L????????? ??????8A6??? ?????????????????????0????????????&????????????????????{??? ?????????????????????0????????????????????????????? ?????????????????????0?????????????????????????????????????C??}"???????????-??D7??nettun.inf?CE2??? ???????{?????CDD??6to4mp.ndi?35-??? ??????????????????6-21-2006???? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????7??7}??6to4mp.ndi?1E7???????????-??????9B??? ?????????????????????0????????????????????????????*6to4mp?????? ?????????????????????0?????????????????????????????????????}??"{???????????1??4F??Microsoft????????????"???????6??????-4??????????????????????????????#???????? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????4???"?
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route                                                                                ?????????????????????????0??????????*6to4mp?B2??? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????7??B5???????????3??}"??*6to4mp?A-??? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????B??"????????????0??0-??????2F??? ?????????????????????0????????????&????????????????????{??????????????? ?????????????????????0????????????????????? ?????????????????????0????????~????????????????????????????"??{0????~??????A??6B??nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp?647??????35???????????C???e??tunnel?}"???? *??????1?????039??Karta Microsoft 6to4?E??????????????????????????????????????????09??? ?????????????????????0??????????????????????????????????????????????????????F03FE1-3B14-??? ?????????????????????0????????*???????????? l??????7?????E6}??@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4????????????????????????????????D?????s-4??? ??????????????????8???????????`????????e?????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export                                                                               ????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????Root\*6TO4MP\0235???tunnel??????????????? ?????????????????????0????????????????????????????????????????????????????????????????????? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0??????????????????????0??????????u??????00??????????????????Microsoft???????????????#???? ???????j????????????????"?????X?)?`???????????????????????????????????????????????????Adres sieciowy???????? ?????????????? ???????????????????????????????????????????????????-????c55a???????????5???t??????????????????int??????????????????e??tunnel??{e????>??????0??????Sterownik karty Microsoft 6to4??????? ??????????????????????????????"??? ??????a-d??? ???????}???????m??tunnel??????? "?????????????????ndis5_ip6_tunnel?i???????????;??cr???????????????h??Typ?????*6to4mp?????????????????ROOT\*6TO4MP\0037??????????????????d?????????????y??????????? ?????????????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind                                                                                   ????????text?|????????????????????????N??????C???????????????w??????????????????system32\DRIVERS\JME.sys?????????????????p??ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)??????????????Net?????Microsoft???????????????????tunnel??????????????????????Net??????????????B??*6to4mp?02??????????????4????? ??s???????t???|???????????????????????s????????.?D3??Net??u???????????????????????????????????????????????????|???????????????|??????p????????????|??????????????????*6to4mp?????????????????????????Net?????text????????????tunnel?pip??Net?????Net?????11??????????????*6to4mp??d?????????????????????????????????nX???NDIS Usermode I/O Protocol??????? ???m???A?????}??????N??????u???????u???u???????????????????????????????o??Net??????????????????????????b???????????????????????j???????????e??????????????????????%SystemRoot%\System32\trkwks.dll?????????|??????????Net???????V??|??????????????????SeRestorePrivilege?SeImpersonatePrivilege????????????????????????????????u?u?u?u?u?|?y?y?|?|?|?|????? ???????u?
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route                                                                                  ????????? ??^?????????????????????????????085???11??????? ??????? ?????a (??tunnel???????????????1???????s??????????????????????????????????????????????????????????????? ?????????????????????0??????????????????????????????????????*??????????????????????U??{4d36e972-e325-11ce-bfc1-08002be10318}?F-4??? ???????F??????in??????Po??czenie lokalne* 79??????????L???????????????????????????????????Sterownik karty Microsoft 6to4??????t ???????????b???????s??????? ?????????????????????0????????????&????????????????????_??????????????????????d???????????????????????????????????????@%SystemRoot%\system32\drivers\netbt.sys,-2?????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??? ???????????????????????????e?[?f?f?g?h?f?k?k?k?k????Z???????????????????????,??????0?????e30??????HidUsb?-9A??????????????????????STORAGE\Volume???k??volsnap???????????????????????X??????????d??Volume????????????????????????????????????????????????????X?????????????ms_pptpminiport?????@volume.inf,%msft%;Microsoft?????????????n??dr??????tunnel?????
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export                                                                                 ?????u??????????????????*6to4mp?????? P??????????????????????2??????????*6to4mp??????????8???8??A6??????????????????????????????????????tunnel??????*6to4mp???????????????X?????? ??????????????????????????? ???????n??????????????????????P????????p??User Mode Driver Frameworks Platform Driver?????????????tunnel???????????j?????????n????????????????????????? ???s???~???????.???.?????????????????????????????????n????11?11.??*6to4mp??t??? *??~???????????s??*6to4mp?????Net??????????????1??85??85??? ???????n??????????????????????P???????s?????`??????????????????????B???????????y??t?????????????????????????X??????a???t????*??|???T????????????????????X??????y???t??? ???????}???????????u??????????????&???????????????????????%SystemRoot%\system32\wbem\WMIsvc.dll???????? ??????????????t?????????????????????????????????????????H??u????????h???????`?????????????? ???????n???????????u??????????X?????????????????????????????????????????????????P??u????????h?????\SystemRoot\system32\DRIVERS\rdpbus.sys?????RDPCDD????????X??u?
Reg     HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind                                                                                     ?????u??%SystemRoot%\System32\alg.exe????o????8??o???????????????????????????????????????o??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege????????,??o???????????????????????????????????????o??? ???????n???????????j??????????R???????????????????????.?????????????????????????????????????????????????????????:??????????????????&???o???????????????????????????&???o???????????????????????????&???o???????????????????????????p?q????? ???????n???????????j??????????R???????????????????????.???????????????????????????????????????????????????????????????????????????????????????????????.????????????????????????????????????????????????????????????????????????????????????&???o??????????????????????????? ???????o?????o?????j?????????????? ????????????????o???????????r??*6to4mp??u???????????{?|e??????o?????o????????????????????????????????????????N??o????????h?????\SystemRoot\system32\DRIVERS\amdk8.sys????????0??o?????????e????AMD K8 Processor Driver??????????o??????p???Extended Base??
Reg     HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route                                                                                    ????????HidUsb??????????g???????????????????????????s ????X??????????????????????????????E???????-??? ???????B??????n7???????????8???e???e??? ??????????????????? ???????????????????j??????????`????????e??? ??????????????????????????????????????0-???????????F????cFFF??????????????????????????????B6??? ??????????????????????????????????'????????????????????}??? ?????????????????????0????????????&???????????????????????????????? ??<???????????????*6to4mp?nf????N??????8????D?????*6to4mp?FA???????????7???e????>??????6??????? ?????????????????????0??????*?.??? ???????????????????????????????d&??? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????????????E??5D??t???? ???????Z?????????????0????????????&???????????????????????int? ????????????????????????????????????????????2???5???????????F??C7??????????FA??????#?????*??????i????d?? ??? ??????????????????????????????????????????????????????????????? P?????????????????Ka??? ??????????????????????????????`????????e?
Reg     HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export                                                                                   ?????u??????text?p???????j???????1?????k????? ???????k?????k???????0????????????????????????????*6to4mp??B??? ???????k???????????h?0????????$???????????@netrasa.inf,%mp-ip-dispname%;WAN Miniport (IP)????????k????? ???????k?????k???????0????????????????????? ???????k???????????h?0?????????????????????????m???????????????????????T??????s??????????????????k????? ???????k?????k???????0????????????????????6.1.7600.16385???2??????????????? ???????k???????????h?0????????????????????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?????????k????? ???????k?????k???????0????????????????????? ???????k???????????h?0?????????????????????????????3???????????????????????j?k?????k?l?k?????????k????? ???????k?????k???????0????????????????????? ???????k???????????h?0?????????????????????????T??????? ??????????????pl?????????????????????????k????? ???????k?????k???????0???????????????????????k???k???k???k???k???k???k???k???k????????????? ???????k???????????h?0??????????????????????X??????3?????????k????? ???????k?????k???????0???????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind                                                                                  ????????????????????????????t????????????????????t?t?n????????????????????????N??n????????h?????\SystemRoot\system32\DRIVERS\msdsm.sys?-Pa??4304?????n????(??n??????p???System Bus Extender??????????????????n??????????????? ??????????????????????????????????? ?????????????????????????????j???j???n???n???n???n?n?n?n??elxstor.inf_amd64_neutral_4263942b9dfe9077??????? ???????n???????????j??????????8?r?????????11???|?????????????????e???????????????????e?????????????????????n??? ?????????????????????????????????????????????????????????????h???????????????????????????????????????????x????system32\DRIVERS\ETD.sys??????8??n????????h???????P??t???+?????e?+???????????????????????????????B???????????????e????X??????&???t????D??p???????????e????,??????????????????????n????????????????L??p??????????????????FSFilter Infrastructure?????????? .?Ad??.NTAMD64?w?????n???n???n??086&??? ???????n?????n???????0????????????&???????????????????????? ???????n?????n???????0????????????????????? ???????n???????????m?0???????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route                                                                                 ????????????????????????????????????t ??????????????????'???????Typ???????N??????c???????????i??? ???????s???????????????????????e??? ?????????????????????0????????????????????????????????????????text??????????????????????????????????z??????1??????????wpdbusenum\fs??ge\??? ???????????????????????????i???????????????i???????????5?????e1E???????????k??????????????????????so??????????????????\\?\Root#*6TO4MP#0378#{cac88484-7515-4c03-82e6-71a87abac361}?????????????????e??6-21-2006?????????????????????????`?????????????????????*6to4mp??t???????????????????????????????????????????j???????????e??????????????????????? ????????????????????????????????????????????s-8E??6.1.7600.16385?E82??? ???????????????????????????????????????f??? ?????????????????????0??L????????? ??????"{B????*?????????????? ?????????????????????0????????????????????? ?????????????????????0????????*???????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????vi??? ?
Reg     HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export                                                                                ?????u????6??r????????h?????????????tunnel?A}"???????????????????????????f??????????????????????? ???????o?????o?????o?????????????? ???????????? ???????o???????????o???????????????????????????o???????????r??/MAXTAGS=64????????o0???? ???????o???????????o????????????????????????????????????5????????o???o????? ???????n?????o????????????????????????????? ???????n???????????o??????????N???????8???????????????t??????o???o????? ??????????????????? ???????o?????????????????????????????????????o???o????? ???????n?????o?????o????????$?Z??????????c????%systemroot%\system32\svchost.exe -k netsvcs????@%SystemRoot%\system32\aelupsvc.dll,-2??????? ???o???????????????????????????????????o?o?o??@%SystemRoot%\system32\aelupsvc.dll,-1????????Z??o????????h???????N??o?????????n????localSystem????????o???o??????N??o?????????e????????????????t??????????????????????????????????????? ?????????????N??o??????????????????SeTcbPrivilege?SeImpersonatePrivilege????????o?o?o?o?o?o?o?o?o????,?????????????????NDIS?7??? ???????o???????????h?
Reg     HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind        ???.?8????(??.???????????????1?????????????g????wpdfs.inf???????0???????????????? ??????????????????pci?????? ??0????????????????????{??MEDIA????????????????????????????/?/?/??PCI\VEN_8086&DEV_2D01&SUBSYS_80868086&REV_02?PCI\VEN_8086&DEV_2D01&SUBSYS_80868086?PCI\VEN_8086&DEV_2D01&CC_060000?PCI\VEN_8086&DEV_2D01&CC_0600????{00000000-0000-0000-ffff-ffffffffffff}?fff???3?4???????6?????.??? ???????.?????????????0????????????????????? ???????&?????.?????/?/?.??????0???????????????? .??.?????????6?6???.??? ???????.?????????????0????????????????????? ???????.?????????????0?????????????????????????????????????????5??? ???????-?????4?? ??:????"????????????.?.???????????.???.????????????????N??.????????Dvro???.??? ???????,?????0??????????j????????????E?????????????????????????????????????1??????0????????????????/?/00??????PCI\VEN_8086&DEV_2D01&REV_02?PCI\VEN_8086&DEV_2D01?PCI\VEN_8086&CC_060000?PCI\VEN_8086&CC_0600?PCI\VEN_8086?PCI\CC_060000?PCI\CC_0600??A&C????N??.??? ?????D????? ~??7???????????????6?6?????.?8A???{00
Reg     HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route       ???.?.???.??PCI\VEN_8086&DEV_2D12&REV_02?PCI\VEN_8086&DEV_2D12?PCI\VEN_8086&CC_060000?PCI\VEN_8086&CC_0600?PCI\VEN_8086?PCI\CC_060000?PCI\CC_0600???????H???????????????????????????????????????????????????????????s??????????????????????????????g????i8042prt????\SystemRoot\system32\DRIVERS\lsi_fc.sys?????? ???.??????????se???.?.?????.??????????PCI\VEN_8086&DEV_2D13&SUBSYS_80868086&REV_02?PCI\VEN_8086&DEV_2D13&SUBSYS_80868086?PCI\VEN_8086&DEV_2D13&CC_060000?PCI\VEN_8086&DEV_2D13&CC_0600??????N??.???????????????3?3?.???.??System??????????????? ??????????`????1??????V_?????? ????????????.??\SystemRoot\system32\DRIVERS\MegaSR.sys?cy???????????????????????????????????.???.??PCI\VEN_8086&DEV_2D13&REV_02?PCI\VEN_8086&DEV_2D13?PCI\VEN_8086&CC_060000?PCI\VEN_8086&CC_0600?PCI\VEN_8086?PCI\CC_060000?PCI\CC_0600???????? x??.???????????????3?3?.???.???.???.??? ???????,?????2?????.????????????2? ???????I???????????????????????\SystemRoot\system32\DRIVERS\lsi_sas.sys?????????????????????????4?????.?????U?U????? ???????.?????
Reg     HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export      ???y?i??Net???????`???????????????????????????8??}????????h???????.??????????e??11???????????????????????????????u???????????????{???e??????????t????~?~?~??? ???????n???????????u??????????T?????????r???????????????????????????????????????????T??u????????h?????\SystemRoot\system32\DRIVERS\processr.sys?????"??u?????????e????Processor Driver?????????u??????p???Extended Base????u?u?u?u?u?u?u????N??u???????????d??cpu.inf_amd64_neutral_ae5de2e1bf2793c3???????????u??????p???? ???????n?????u?????u????????$??????????c??LocalSystem?????????????????????????LocalSystem?????????????????t??????? ?????????????,??????????????????????s???????????e???????u??????????????????SeBackupPrivilege?SeRestorePrivilege?SeTakeOwnershipPrivilege?SeDebugPrivilege?SeImpersonatePrivilege????????u?u?u?u?u?u?u?u?u?u?u????N??u?????????e????%systemroot%\system32\svchost.exe -k netsvcs??????P??u?????????n????@%systemroot%\system32\profsvc.dll,-301?????? ???u?????????????????????????????u?????u????????????????P??u?????????e????@%systemroot%\syste
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                                                                ?????????i??????????????????{71a27cdd-812a-11d0-bec7-08002be2092f}?600????:??k?????g??????N??k????????D??????i???????????????????????d?f?i?i?????????????????0?????s86???o???????i???????i???3??s}???????????i???????????????4?????s? ???i????????????X??k???????0???????????????????????????4?????????????????s????? "??i???????????????  ??j?????????????????i?r???????????????e???????u???????????????????????h?i?i?i????sC???????e???n???e???????????????????????????i???b??sC??WUDFRd?d?d??srvnet?0?&????N??????0????D000??? ???i???????????????i???????i???9???e???????????o???????????????i?????????????????????????s?????i???????????????n??Typ?????????????????????????????????????????????Microsoft???Network?????11???????i???????#??volsnap??????i???p?p?p??LegacyDriver??????????????????????????N??j???t????D??0??Extended base????g?g?i?i?i?i?i???????&????*??i??? ?????????n?????????s????4??j????????h??????????{??Microsoft????i???????????????????????????i????:????????g?????i???????????????????????  ?????????????????{8ECC055D-047F-11D1
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                                                               ?????r???????[??????l_intl.nls??????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[???????????\?\?[???????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[???????????????????????????[??????????l_intl.nls???????????[???????????????????????e?fS???l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[???????????\?\?\???????[??????????l_intl.nls???????????[??????????l_intl.nls??????l_intl.nls??????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[???????????????????????????[??????????l_intl.nls???????????[??????D???????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????????????????[??????????l_intl.nls???????????[??????????????????????l_i
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                                              ??????????>??p???A???????????p?????p????? ???????j???????????j???????? ?@????????????y??%SystemRoot%\ehome\ehepgres.dll?????%SystemRoot%\ehome\ehRecvr.exe??pc??? ???????p?????p?????j?????????????? ?????????????(??p??????????? ???????p???????????n????????????????????????????*??p??????e?????.??p???????t?????p?????p???p??????????????? ???????n???????????p??????????P?p?????????%systemroot%\system32\esentprf.dll???????????p?????????e????esentprf.ini????? ?????????????????????????????3????@comres.dll,-2451???? 4??p??????????????NT AUTHORITY\LocalService???????????????????????????????????t????????????e??tB?????? ????????????????n???????????e????,??p??????????????? ???????n?????p??????????????????q?????T???? ???????p???????????p??????????F??????????e??????????????????????????`??p??????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege???????p?p?p?p?p?p?p?p?p?p?p??????????????????????????? :??p??????????????%systemroot%\system32\es.dll????????????????????????????????B??????g????Net??????????????o?p?p?|???????
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                                                           ?????n??Volume??????LegacyDriver?????i??????De???????i???:???:???????????????????i???????????????????????  ??i??????????????STORAGE\Volume???????????????????????????????i???????????g?i?i?i?????4???i???????????i?i?i???????????&?????s63??kbdclass?????????s??USB??????????i??????s????? ??8???1???e??LegacyDriver????STORAGE\Volume???????????g???????e?????????????g?????k?k????mrxsmb??????????s?????N??k?????????D??????X??k?????????????????????????s??????N??i?????????D????{00000000-0000-0000-0000-000000000000}?????????????????????s??????N??i???????????????????i??????????? ???????j?????i?????i???????????????????????????????????C???&???i?i?j??? ???????i??????????????????????N????????????i?i?i?i?????????i???i?j?i???????????3??s3?????i?&???????i???-??sb??ATA Channel 0????i?i?i???????h???C???????????????????????i????????????????????????????"??i???B??????compositebus.inf??????(??i???i??????CompositeBus_Device??-???????????????3???????????3???3??????? ???i???????????????????????????????????i????????????s??????i?i?i???????i?
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                                                                          ?????s??????9???????????????????????????3???????????????5???????????????d???????????????????????????b???????????????6????????????????/???6??????????c???????????????2????????????[?[?[?[?[?[?[??????f???????????????5???????????????5???????????????1????????????[??????5???????????????5???????????????2???????????System?753?????[????????1???????????????1????????????h???d??????1???????????????1????????????\?\?[???[??????2???????????????2???????????????5???????????????f???????????????f???????????NDIS?0??????2???????????????2???????????????1???????????HDAudBus?-???????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????????[??????????l_intl.nls???????? ??[???????????e???? ??[???????t???? ??[???????????????e???????[???????????????k??????1???????????????1???????????????f???????????????f???????????????f???????????????f???????????????????????????3???????????????3???????????4&a967c5d&0??6??????f???????????????f???????????????f???????????????f??????????
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                                         ?????????????????????????????n???F???????N??kbd101.dll???????s?s?s???s???????n???????????R???????n??????????????????????PCAT_101KEY??????????????????e???????????????????????????????s??????????????????????t?????????????????????s??????????????????????????????????????????????????????????n???????????????????s?n?n????????????????????????R??n????????h?????\SystemRoot\system32\drivers\iaStorV.sys? ???????p???s?s?s???n???????n??????p???SCSI Miniport?????V??????????????d???????????!???e?????????????g????BFE?????????oo??????????????t?????????????????????????????????????????N??n????????h??????n??\SystemRoot\system32\DRIVERS\HpSAMD.sys?iv??SCSI Miniport?????T??n???????????d??hpsamd.inf_amd64_neutral_f4d0397ad0d9b1cc???Net?????Keyboard Port????????????s??????????*6to4mp??????????????????u???o?r?????????????????????s???n??????????????\SystemRoot\system32\DRIVERS\iirsp.sys???3???????n??????p???SCSI Miniport?????R??n???????????d??iirsp.inf_amd64_neutral_25c14d33af7f54f1?????n?n?n?n?n?n?n??Tcpip?????????(??n??????p???System 
Reg     HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind                                                                                     ?????o???????????????????t??????? ????N??i????????D?????{8ECC055D-047F-11D1-A537-0000F8753ED1}???4???????????????????????????4??????? ???T?i?i?i?????????????????v?????????????? ????h?????s?4????.??????'???t??Net??|???????&???????????4??s?????X??j?????????????????????????????????i?&??AVGIDSHA?2???????????o?????svr???????????????h???????????????i??????????????????? ???????????????s??????st???????j???4???????????????????s??????6???? ???????j?????i?????i??????????????????????????????????????????????? ???????i???????????i??????????N??????????????? ????4?????s????LegacyDriver????? l??l???4???????????????[???s??ep??mrxsmb??????????ur???????????????3?????????????????s????PEAUTH?11D????P??i?????????e????Net???????????????N??i???????????????????????5???????????|???????i???5??s????e?f?i?i????sf???i?i?????????s??????????????????text?s???????i???E??s6???????????4???????4??????vr???????&???????????2??sf???????????????h??????s?????z????????g????????????????@%???i?i??????2?????????????????????????????????????????co???i?i?-?
Reg     HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route                                                                                    ???????????????????g????????????????????????????????e???????????????SCSI Miniport???????????????t?????????????????????????????$???????????????????????????????????????:???????????h?????tunnel?0?n??Microsoft????????n???e???????????????u?????????d????? ??????????????????????????????????????????? ???????p???????????j????>?????d???????g???C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL???? ??e???????????????? ???j????????????????????????????????????d?????????????????????????????????? ???????????????????j???????? ?d????????????????????s??C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL?????????????????????????d??????_??????????????????? ???????p???????????n????8?????d???????????C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL???? ??d???????????????? ???m???.????????????????????????????????d??????????????????????????p??????? ???????????????????j???????? ?d???????????????????????C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL???????????????????????????????tunnel??????????????? ?????????????????????0???????????
Reg     HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export                                                                                   ??????????D??????????????????p?s????????????????????????? ???????????i?i?n?t?n???????????????????????????????????i?i?????????C?0?0????????????0???????? ????????????????????????????????9????? ??????????? ?????9????? ??????????? ??????? ??????????? ??????????????????????j???????????????????????????????????y????????????????????????????????????????????????????$??????E???????-???????????4??????AA????$??????3??????????????????????? ????????????yion??Root\*6TO4MP\0193????????????"??????7F??Root\*6TO4MP\0194?????????*??????1????d?????Typ?????????@nettun.inf,%msft%;Microsoft????????????????????????*6to4mp?????? ?????????????????????0????????????????????? ???????????????????j?0????????????????????????????????????????????????????????? ??*6to4mp?????? ?????????????m???????0????????????????????? ???????????????????m?0????????????????????\\?\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{6E3C6B4A-4577-4CF9-901B-748DBB4861D3}?CD??? ?????????????????????0????????????????????? ???????????????????m?0???????????????
Reg     HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind                                                                                       ???s?i??????????????????????LegacyDriver?0???????i??????????????????????.NT?? ?????? ???????????????RasSstp??0??.NT??????i?i6.??????????????*p???i?i?????????0???????i???5???????????1???????????s??????i.??KSecPkg??3??se???????????????????e?i?j?j?j?j?j???????????????????i?i?1??COMPBATT_Inst????i?i10???i??????????????????????????????????FSFilter Virtualization??????????p??*6to4mp??y??t???11???????????s???????????0??0????????i???????2???????g???????????e??????????????t?????P??i?????????e?????????s??\Device\{D39B7F8B-A662-4FC7-A6E3-0FAFBBEBD066}?\Device\{BEFE4037-3123-49C4-B1AF-8C7EF1AD5639}??39}???i?i?i??????? ???????n???????? ??????????? ????????S????luafv???????????????????2????????i????????h??????????i????????????????0??t??????e???LocalSystem??????????i?????????n????????????????????C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe??????? ???i???????????????????i???????4???4??Allows applications to access the local Intel(R) Management and Security Application using its locally-avai
Reg     HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route                                                                                      ????????????????11??????????????*6to4mp??B??Microsoft???? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????????????????????????????????????? ???????????????????????????u??????int?TA??????ROOT\*6TO4MP\0091???????????????????????? ???????????e??????????d8??????????????????????????????????s???????????????5F???????????0??s???????????????????????????????????De??? ???????v??????eB????N??????c???????????????????????????????_??d1??int??f???????????l??????????????????`????t????????????????????????????????????X??????????????????l??? ?????????????????????0????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????tunnel??????USBSTOR??????l??????????????????????????????????????????????6to4mp.ndi??17????????????N??????n?????D?????????????????????7??37??? ??????????????????????????????????????????????? ?????????????????????0????????*???????????? ?????????????????????0???????????
Reg     HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export                                                                                     ?????????????????.???.???????j???????????O??)?????????????????????????????????????N??????c??????????????????????????????08???????????n?????een??????????wpdfs.inf????????????????????????????????????????????????8???C???????????????|??????s???????????????????????*6to4mp?????????????????????????????????????18??tunnel???????????????????????????????????????????B??????9-???????????B??AVG TDI Driver?WEI??*6to4mp???????0??????8?????e18??????iv???????????????????????I???O??????os???????k???????e????d???????????h?????????????????????????????????????????????????????????????? ???????????????????>??????????????????????????????????????Microsoft????????????????????B???????????B??????????????????????????????????????????11?????????????????????????????????????????????e????????????????????????22??????????????system32\DRIVERS\avgtdia.sys?c???????????????????????????????????????????e??????????????6-21-2006???????????????????????????*6to4mp??????????l???????????e??????os??Microsoft????????????B??C-??????C-??????????????? ???????@?
Reg     HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind                                                                                         ???`?????????i????????????????????????????????`??i?????????e????Boot Bus Extender????????????????s???????T??????s???????????FltMgr??????????????????????????t???C:\ProgramData\Microsoft\MF??????s???s????<??j?????????e?????????????r?r?s???s???????????????????????????????????????u?u?u????????????????????????R??p????????h??????s?s?s??tunnel?96-??????????????t???tunnel?65A???i??????????????LegacyDriver?f???????j??????s???rpcss????????????????C??????????.i???????i??????p?????X??????????e???9?U?i?i????????????????? ???4??? $??i???y?????r?p??????????????????text?????????????????????????????????-??????1D????X??????&???&?????????????????????? ????_?????s39???????o???????????????????t??????? ????N??i????????D?????{8ECC055D-047F-11D1-A537-0000F8753ED1}???4???????????????????????????4??????? ???T?i?i?i?????????????????v?????????????? ????h?????s?4????.??????'???t??Net??|???????&???????????4??s?????X??j?????????????????????????????????i?&??AVGIDSHA?2???????????o?????svr???????????????h???????????????i??????????????????? ?
Reg     HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route                                                                                        ???i?r???????????????e???????u???????????????????????h?i?i?i????sC???????e???n???e???????????????????????????i???b??sC??WUDFRd?d?d??srvnet?0?&????N??????0????D000??? ???i???????????????i???????i???9???e???????????o???????????????i?????????????????????????s?????i???????????????n??Typ?????????????????????????????????????????????Microsoft???Network?????11???????i???????#??volsnap??????i???p?p?p??LegacyDriver??????????????????????????N??j???t????D??0??Extended base????g?g?i?i?i?i?i???????&????*??i??? ?????????n?????????s????4??j????????h??????????{??Microsoft????i???????????????????????????i????:????????g?????i???????????????????????  ?????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}???????T?f?i?i?i?i?h???????i???????????i???????????j?j?1???????????????i???C??????{8ECC055D-047F-11D1-A537-0000F8753ED1}?-A5???????????????1???????j???t?t?t??????????????????LegacyDriver????WimFltr??????j?j?j????????????N??i????????D?N???ms_ndiswanbh?????????????i???????z???????i???i?j?1???????2??? 0??i???3??????????RPCSS??????
Reg     HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export                                                                                       ???s????6-21-2006???????????? ???????j?????j?????i????????????*??????????????????????????????????j??? ???????j???????????i??????????\????????????????????e????X??????.???.???y???p?????j?&????????????N??j????????D?? ??Net??????k?k?3??????ro???B?????j?&??ROOT\VOLMGR??????????????????Z???j???????k?k?????????????2??????????????????????????????????m????????????0??{f???????????F???????????????????k???b??4d??? ???????f?????j????????????????????????????? ???????n?????m??????????@????????????B?????j??? ???????j?????????????????????????? ???????????????????*6to4mp?????????????Volume???????????T??????s???11?97????????f??????s?????N??????I????????????????????N???????????D?? ???????i??????????tunnel?24A???????j???????????????????9??????00????h??????.?g?.??volume_install??????????? ???????j?????j?????j????????????8?????????????????????????????????? ???????j???????????i??????????N????????????????????????????????i???t??2t?????j?&??USBSTOR?????? ???j????????????????X??????????????????1???? ??u???????????????????????u??????A??
Reg     HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind                                                                                      ???i?i???????????i??? ???????t???????????i?:????????????,??????????????????????? ???RPCSS???????@%SystemRoot%\system32\drivers\netbt.sys,-2?????File system?????Net???????"??i??????p?????2??i????????h?????????????????????????t????????????????????????? ??[??????p????????i??????????*6to4mp??C???????i???????s??tcpip?????????????????????????????????????????????V??n?????????e?????????i??????s???system32\drivers\nsiproxy.sys???s?????????????^??i?????????e????????????????t??????????????g?????i?i?i?i?i???j?j? ??@%SystemRoot%\system32\drivers\nsiproxy.sys,-2????????$??i??????p?????B??s?????????e????Boot File System??????????????????????<??i????????h??????????????????????????i?i?i???????U??????????????????PNP_TDI??????????????????u??Tcpip???????????????? ???????????????????????|??? ?????????????i???????0????????????????????? ???????i???????????&?0????????????????????Net?????? P??????n??????????Net?????192.168.137.1????????n??????????????n????????y???????????6???????i???????m???????n?????????P???????`?????????i?????????
Reg     HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route                                                                                     ???i??????????$??i??????p???Boot Bus Extender?????P??????????????d???i?i?i?i?i?if7????\??t?????????e????????????????????????*6to4mp???????????????????????????8??i????????h??????????????????????|?|?s??????@???? ?g?5??????????????????? ????????????????????"??i?????????n????????????????????SCSI Miniport????????i??????p???system32\DRIVERS\msisadrv.sys???????????????????NDIS Proxy??????system32\DRIVERS\mrxsmb10.sys????i?i?i?i?i???i??????????????????????????????????system32\DRIVERS\mrxsmb20.sys???????????????t???File system?????Net?????@%systemroot%\system32\wkssvc.dll,-1004??????????????????????????????????????????????????????????????????o?o?o??system32\DRIVERS\mrxsmb.sys???????<??i????????h??????????????????????????????????u??????????@%systemroot%\system32\wkssvc.dll,-1005?????????????????????GroupServiceMain??????$??i??????p???Net??j??Boot Bus Extender???????????????t????????r???o??????@%systemroot%\system32\wkssvc.dll,-1006????????????????g????????????????????@%systemroot%\system32\wkssvc.dll,-1007?????system3
Reg     HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export                                                                                    ???n????Sterownik stacji dysk?w CD-ROM??1?????"??j??????p?????$??j????????h?????????????????t?????????????????s??????????n??????????????????????????????????t???System32\Drivers\cng.sys????gendisk?????????????????????*6to4mp??y????2??j????????h??????????o???r??????????LocalSystem?????????????????????????@%systemroot%\system32\drivers\dfsc.sys,-101????TCP/IP Registry Compatibility????j??????????????????????????t?????????????????????????????????????????P??j????????h?????\SystemRoot\system32\DRIVERS\amdide.sys???????(??j??????p???System Bus Extender???????R??j???????????d??mshdc.inf_amd64_neutral_a69a58a4286f0b22?????j?j?j?j?j?j????????????????t????????????????????q?q?j????????????????????????R??j????????h?????????????????????\SystemRoot\system32\drivers\amdsata.sys?.???????p???????j??????p???SCSI miniport?????V??????????????d???j?j?j?j?j?j?j???????????????e????????????????????????????????????????????????????????P??j??????????????\SystemRoot\system32\DRIVERS\amdsbs.sys??.???????j??????????SCSI Miniport?????T??j?

---- Files - GMER 2.1 ----

File    C:\ADSM_PData_0150                                                                                                                          0 bytes
File    C:\ADSM_PData_0150\DB                                                                                                                       0 bytes
File    C:\ADSM_PData_0150\DB\SI.db                                                                                                                 624 bytes
File    C:\ADSM_PData_0150\DB\UL.db                                                                                                                 16 bytes
File    C:\ADSM_PData_0150\DB\VL.db                                                                                                                 16 bytes
File    C:\ADSM_PData_0150\DB\WAL.db                                                                                                                2048 bytes
File    C:\ADSM_PData_0150\DragWait.exe                                                                                                             315392 bytes executable
File    C:\ADSM_PData_0150\_avt                                                                                                                     512 bytes

---- EOF - GMER 2.1 ----