GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-20 19:17:14
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5 SAMSUNG_HD080HJ rev.ZH100-41 74,53GB
Running: 11ntnd5u.exe; Driver: C:\Users\Maszek\AppData\Local\Temp\ufdiypow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                        0000000076881401 2 bytes JMP 75caeb26 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                          0000000076881419 2 bytes JMP 75cbb513 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                        0000000076881431 2 bytes JMP 75d38609 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                        000000007688144a 2 bytes CALL 75c91dfa C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                                                                          * 9
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                           00000000768814dd 2 bytes JMP 75d37efe C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                    00000000768814f5 2 bytes JMP 75d380d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                           000000007688150d 2 bytes JMP 75d37df4 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                    0000000076881525 2 bytes JMP 75d381c2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                          000000007688153d 2 bytes JMP 75caf088 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                               0000000076881555 2 bytes JMP 75cbb885 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                        000000007688156d 2 bytes JMP 75d386c1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                          0000000076881585 2 bytes JMP 75d38222 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                             000000007688159d 2 bytes JMP 75d37db8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                          00000000768815b5 2 bytes JMP 75caf121 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                        00000000768815cd 2 bytes JMP 75cbb29f C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                    00000000768816b2 2 bytes JMP 75d38584 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                    00000000768816bd 2 bytes JMP 75d37d4d C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                             0000000076881401 2 bytes JMP 75caeb26 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                               0000000076881419 2 bytes JMP 75cbb513 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                             0000000076881431 2 bytes JMP 75d38609 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                             000000007688144a 2 bytes CALL 75c91dfa C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                                                                          * 9
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                00000000768814dd 2 bytes JMP 75d37efe C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                         00000000768814f5 2 bytes JMP 75d380d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                000000007688150d 2 bytes JMP 75d37df4 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                         0000000076881525 2 bytes JMP 75d381c2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                               000000007688153d 2 bytes JMP 75caf088 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                    0000000076881555 2 bytes JMP 75cbb885 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                             000000007688156d 2 bytes JMP 75d386c1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                               0000000076881585 2 bytes JMP 75d38222 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                  000000007688159d 2 bytes JMP 75d37db8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                               00000000768815b5 2 bytes JMP 75caf121 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                             00000000768815cd 2 bytes JMP 75cbb29f C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                         00000000768816b2 2 bytes JMP 75d38584 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                         00000000768816bd 2 bytes JMP 75d37d4d C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                       0000000076881401 2 bytes JMP 75caeb26 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                         0000000076881419 2 bytes JMP 75cbb513 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                       0000000076881431 2 bytes JMP 75d38609 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                       000000007688144a 2 bytes CALL 75c91dfa C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                                                                          * 9
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                          00000000768814dd 2 bytes JMP 75d37efe C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                   00000000768814f5 2 bytes JMP 75d380d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                          000000007688150d 2 bytes JMP 75d37df4 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                   0000000076881525 2 bytes JMP 75d381c2 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                         000000007688153d 2 bytes JMP 75caf088 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                              0000000076881555 2 bytes JMP 75cbb885 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                       000000007688156d 2 bytes JMP 75d386c1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                         0000000076881585 2 bytes JMP 75d38222 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                            000000007688159d 2 bytes JMP 75d37db8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                         00000000768815b5 2 bytes JMP 75caf121 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                       00000000768815cd 2 bytes JMP 75cbb29f C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                   00000000768816b2 2 bytes JMP 75d38584 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                   00000000768816bd 2 bytes JMP 75d37d4d C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                                             0000000073a917fa 2 bytes CALL 75c91199 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                                         0000000073a91860 2 bytes CALL 75c91199 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                                       0000000073a91942 2 bytes JMP 75d8c29f C:\Windows\syswow64\WS2_32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                                      0000000073a9194d 2 bytes JMP 75d8418d C:\Windows\syswow64\WS2_32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                               0000000076881401 2 bytes JMP 75caeb26 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                 0000000076881419 2 bytes JMP 75cbb513 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                               0000000076881431 2 bytes JMP 75d38609 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                               000000007688144a 2 bytes CALL 75c91dfa C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                                                                          * 9
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                  00000000768814dd 2 bytes JMP 75d37efe C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                           00000000768814f5 2 bytes JMP 75d380d8 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                  000000007688150d 2 bytes JMP 75d37df4 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                           0000000076881525 2 bytes JMP 75d381c2 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                 000000007688153d 2 bytes JMP 75caf088 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                      0000000076881555 2 bytes JMP 75cbb885 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                               000000007688156d 2 bytes JMP 75d386c1 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                 0000000076881585 2 bytes JMP 75d38222 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                    000000007688159d 2 bytes JMP 75d37db8 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                 00000000768815b5 2 bytes JMP 75caf121 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                               00000000768815cd 2 bytes JMP 75cbb29f C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                           00000000768816b2 2 bytes JMP 75d38584 C:\Windows\syswow64\kernel32.dll
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                           00000000768816bd 2 bytes JMP 75d37d4d C:\Windows\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.1 ----

IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]      [7fef4a8741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                   [7fef4a85f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]            [7fef4a85674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]          [7fef4a85e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]           [7fef4a87f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]         [7fef4a86a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]          [7fef4a86ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fef4a87b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]           [7fef4a87ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]   [7fef4a878b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]            [7fef4a84fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]              [7fef4a85d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2560] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]     [7fef4a87584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [2412:3144]                                                                                                                                                  000007fef355ac4c
Thread  C:\Windows\System32\svchost.exe [2412:3280]                                                                                                                                                  000007fef3c29688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                     ????-8??storage\volume?-C9??????????????????????WPD FileSystem Volume Driver????????????????????? ?????????????????????0????????????&????????????????????C???????????????????m??????????????????????????????????????????? ???????????????????s?0????????????????????? ?????????????????????0????????????&????????????????????6??? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????????????? ???????? ????????????0????????????&????????????????????1??? ?????????????????????0?????????????????????????????????????????????C??????????????????????"Tcpip" "{4FB25CA5-3CB1-4A79-93F9-F96C8FDBC6A3}"?"Tcpip" "{F2F45009-5BDC-4F57-B386-D4949C790AA0}"?"Tcpip" "{40850293-7CE0-45A3-BF48-B6E1822E4854}"?"Tcpip" "{33230448-3B1E-4E90-87CF-A6AD54B64026}"?"Tcpip" "{744C42B8-78C9-4165-B699-6BBF26590CFD}"?"Tcpip" "{69B045DD-F48A-4D51-992C-E5EB257483E0}"?"Tcpip" "{A21E84ED-C0FA-497F-A095-C12A0A265E45}"?"Tcpip" "{87A9A03A-1654-41E7-BBB2-08C760FEB806}"?"Tcpip" "{447A10E4-1AEF-4226-9891-A44908696DBE}"?"Tcpip
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                                    ????????????????????????????te??? ???????@????????????????????$?N???????????????? ???????|?????????????:????????????&????????????????????M??Microsoft 6to4 Adapter??????????????????????????????????????????????????? ???????s???????????????????????????????3??????????6to4mp.ndi??14??? ???????@????????????????????$?N???????????{34679EC1-02DE-4C0D-9438-2DBDF9A61FA4}??????????????????????????? ???????3??????14??????????????????????????????????????????????? ????????????????????????"?????p???????????{4d36e972-e325-11ce-bfc1-08002be10318}??????? ????????????????????????????$?N???????????{4d36e972-e325-11ce-bfc1-08002be10318}\0210?????{D5C63D48-73D8-4ED9-9FD5-23A065D1B4A6}???-??????????? ??????????? ?????????????????????????????????????e????? ?????????????????????0????????????&???????????????????????? ?????????????????????0??????*?6??? ???????????????????nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp??????? ?????????????????????0????????????&????????????????????d??? ?????????????????????0???????????????
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                                   ?????{??Net??????????y????????????????e??????????y???z??????TD??????11??????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|??????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|?????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|???v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@Fire
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                                                                                                             ????????hwdatacard??????????????????????????????????HUAWEI Mobile Connect - 3G Application Interface????????p???????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????b?????????????b?????????????HUAWEI Mobile Connect - 3G Application Interface????@oem3.inf,%qcomdevice00%;HUAWEI Mobile Connect - 3G Application Interface???????????????????? ?????????????????????0????????????&????????????????????????????????????????????????????????????????????e??{fd557e9f-dc04-11e1-b671-806e6f6e6963}??????tunnel??????? ???????????????????????????? ?*???????????? ?????????????????????????????????s????Composite.Dev???? ???<??????????t????????????????????????????<??????????????? ???????????????????????????u???h??? ??????????????n???6.1.7600.16385??????????????????????????usb\composite???????????????????????????????????????????? *?????????????????USB Composite Device????? ???????????????? ??????????? ?B??????????????????????????s?s??usbstor.inf?????? ????????????????????N?????????????????{ee
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                                                                                                            ?????1??? ???????n??????????????????????????&????????????????????e????????????????????X??????????t??{4d36e972-e325-11ce-bfc1-08002be10318}\0064?48??? ???s??????????????{4d36e972-e325-11ce-bfc1-08002be10318}????????8?????????????16??????????Microsoft????????y????????????????????6?????????????????? ??????? ?????P A??tunnel??????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0061???????N??????????????????????????*???e???????????4??7-??????TC???????????????2???????2???????????????????????|??????????dB???????????w??op??? p????????????las??? ???z???D?????S\v????X?????????????11????????N??????6?????D3E??*6to4mp??????????????????????0??D-??????????????????*6to4mp???????6???????????????????8??????i??????B2??????????text?z???????????????????????????????B??? ???????U???????????T?,??N?????$? ?<???????????????????????????????AF??????????????????? ???????6??????n6??6.1.7600.16385?ice??? P??????B?????FE7??? ??????????????????? .??????3?????Net??Microsoft 6to4 Adapter?614???.?T?T?T?T?T?T?T?T?T?T?T?T?T?T?|?T??????????? ?????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                                                                                           ????????? ???????s??????????6to4mp.ndi??????? ???z??????????????????????51???????z??????????????? .??????s????????????`?????????????? ??????????????????6.1.7600.16385???????????z???i???????????????????????????????s???1???????????????????????????????????????????z?????????d?????????.???y???????????????????????h??nettun.inf???e??????#???? ?????????????????????0?????????????????????????????????????? ??z???F????cFF}??os???????y???o??????????????????????? ???????????????????f?0??????????????????????:?????????????????? ???????\?????nWo????B??????C??????????usb\class_08&subclass_06&prot_50? ??? 0?????????????????USB Mass Storage Device?9B??????????????????????C8??.NT?????.NT???????$???????????P?????????????????????????????.NT??????????????????????????@??????????????????Tc???????@??????????????????????????????cdrom_install???? ???@???.??????tb??????????????????s????????@??????????????? ???????&?????87&??? ??????????????????6.1.7600.16385??????????????????????????????????????????????? ???????????????????????????d?????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                                                                                                                        ????????????{eec5ad98-8080-425f-922a-dabf3de3f69a}\0007?????????????????????????text????????????????? ????????????????????????????????????????????sIP6??{eec5ad98-8080-425f-922a-dabf3de3f69a}???????????????????y??????????????Type?(??????????????? ???????????????????????????????????????f??? ?????????????????????0??L????????? ??????{77????????????????swan??? ?????????????????????0????????????&????????????????????-?????????????????????????????g????????????\Device\{8090091C-2B33-4397-8BE5-FFE163857833}??69???}?}?}?t????????????????? ???????????????????????????????????????f????N??????1?????D@%??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?,-1??? ?????????????????????,????????z??????u?u??? ?????????????n????????????????????????????Type????{8090091C-2B33-4397-8BE5-FFE163857833}???h??Tcpip6?TCPIP6TUNNEL??????????????????????????????????????????u??????????????? ?????????????????????,????????????'????????????????????}??Root\*6TO4MP\0011???????????????????????\\?\Root#*6TO4MP#0011#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{80900
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                                                                                                                       ?????2???????2???????????????????????|??????????dB???????????w??op??? p????????????las??? ???z???D?????S\v????X?????????????11????????N??????6?????D3E??*6to4mp??????????????????????0??D-??????????????????*6to4mp???????6???????????????????8??????i??????B2??????????text?z???????????????????????????????B??? ???????U???????????T?,??N?????$? ?<???????????????????????????????AF??????????????????? ???????6??????n6??6.1.7600.16385?ice??? P??????B?????FE7??? ??????????????????? .??????3?????Net??Microsoft 6to4 Adapter?614???.?T?T?T?T?T?T?T?T?T?T?T?T?T?T?|?T??????????? ???????T???????????T??????????`????????e??{2E554CA7-9ADF-4C65-9127-46C12189A43E}??59????*??????\????dC84??Tcpip6?TCPIP6TUNNEL??3??\Device\{2E554CA7-9ADF-4C65-9127-46C12189A43E}??BB??? ???????T???????????T??????????<??????iNN??Microsoft 6to4 Adapter Driver???? ???????????????????T??????????"??? ???????????????? "?????????????????ndis5_ip6_tunnel????????????? ???????????????????????????????????????C??? ???????????????????y?????????? ????????????c???? ????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                                                                      ????65??gencdrom????????E-?????????????????????d????????????? ???????{???????????{??????????F??? ???????????%SystemRoot%\System32\wiaservc.dll??????? ???????{???????????{?*?????????????????????????{???+??????????????0????????????????p???????????????????? ?????????????????????????????????????????????????? ???????n?????{????????????????V???????????? ???i???a?????ect??? ???????|???????????i?:????????????&???????????????????????? ??????????????????system32\DRIVERS\usbccgp.sys?usbccgp.sys??????4???????????????`??????e???C??*6to4mp???????N??????z?????{?z???{???????????{???????????{??????????? ???????{?????z???????,??L??????????????s??? ???????n?????{?? ??{????????$?????????v?????L??{?????????e????@%SystemRoot%\System32\swprv.dll,-103????{????V??{????????h?????%SystemRoot%\System32\svchost.exe -k swprv????????L??{?????????n????@%SystemRoot%\System32\swprv.dll,-102???? ???{??????????????LocalSystem?????????????????????????????????????t??????{???????{?????????????????????????{???????????e??? @??{?????????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind                                                                                                                                  ????????text?e??HUAWEI Mobile Connect - 3G Network Card #6??????? ???????????????????????????????????????????????????????????????????????????????A??F4??????1.??9???? ?????????????????????0?????????????????????????????2???C??@oem3.inf,%qcomdevice00%;HUAWEI Mobile Connect - 3G Application Interface???hwdatacard??????????????#???? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????????????????? ?????????????????????0????????????????????volume_install??????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????storage\volume??????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????@volume.inf,%msft%;Microsoft??????8??????9??????C0??????????? ?????????????????????0??????????????????????????????????????????????????????????AB8645}???? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????? ?????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route                                                                                                                                 ????????????????????????????? ???????c?????{0B??? ??????????????????????????????`????????e??? P??????0?????58-??{95E8824E-4861-457A-B05D-4D63CA21F297}??A0????*??????B????d"{D??Tcpip6?TCPIP6TUNNEL??0????`??????}???{??\Device\{95E8824E-4861-457A-B05D-4D63CA21F297}??FF???????????B??????BE??????????????????????????? ???????????????????????????????????????f????????????????D51}????N??????F?????D4C??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?15-??? ???????0?????????????,????????$?~?<???????????????????????????????6-??? ?????????????????????,????????z?????#AD6????$??????-???????5??Root\*6TO4MP\0125?????z??????C??????2F??\\?\Root#*6TO4MP#0125#{cac88484-7515-4c03-82e6-71a87abac361}?E??? ???????1?????????????,??N?????$?~?<???????????????????????????????9A??? ?????????????????????,????????????'????????????????????}????????????$??????3???????-??Root\*6TO4MP\0125????????????{??????3B??\\?\Root#*6TO4MP#0125#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{95E8824E-4861-457A-B05D-4D63CA21F297}?D4??????? ???????:?????????????:???????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export                                                                                                                                ????16???????m??????????????? ???????????????????????????????3????????????????????????/?????*6to4mp???????`?????????????*6to4mp???????????????????????????????????????????????????????????4??????t???e????4??????????????????????B?????????????????????????????d????? P??????d?????d?d??? ??????????????????????????????????R????l??????? ??????????int???????????4??????k??sy??? ???????c??????????????????????????? ?????????????????????0????????????????????? ???????|???????????k?:????????????&????????????????????s????N??????z?????z?z??????? ???z???????????????? ??????????e??????????????????9???????????????tunnel?e?7???????????D??????? ????????????????????????????????????????????s?????? ??G???????????xU??? ???????????????????????????????????????f??Microsoft???{318C4ABD-DD75-4283-B0D6-B07A6E5FA38F}??????? ???????r?????res??????????????????????????? ?????????????????????0????????????&???????????????????????? ???????????????????j?0??????*?4??? ??????ft ???????????r??????????? ??????Q???????????????Local Area Connection* 81??
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind                                                                                                                                    ????????? ?????????????????????0????????????????????????????? ?????????????????????0????????~?????????????????????????????~?????????????nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp?-55??????????? ?????????????????????0????????????&???????????????????????? ?????????????????????0????????????????????????????????????????? ?????????????????????0????????????????????????????*6to4mp?????Microsoft????????????b??????????????\{???????????1??10??6to4mp.ndi??????? ?????????????????????0?????????????????????????????????????????????e???????????????????????????????????b??e???????????????? ????????????????????????????????????????????sFCE??? ?????????????????????0?????????????????????????????????6??????????????????????? ???????????????????????????????????????f??? ?????????????????????0??L????????? ??????B55??????????????????????? ?????????????????????0????????????&????????????????????\??????????? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????? ???????????????0?
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route                                                                                                                                   ????????????????? ?????????????????????0????????????&???????????????????????Microsoft???????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????@usbstor.inf,%genericbulkonly.devicedesc%;USB Mass Storage Device???USB\VID_12D1&PID_140C&REV_0000&MI_05?USB\VID_12D1&PID_140C&MI_05????????????? ?????????????????????0????????????????????????????????? ?????????????????????0????????????????????????????????????????????????????????????????????? ?????????????????????0????????????????????????????????????????? ?????????????????????0????????????????????????????????????????????????????????????????????? ???????? ????????????0????????????&???????????????????????????????????????????? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????????????????????cdrom.inf???????????????????????? ?????????????????????0????????????????????????????????? ?????????????????????0????????????????????usb\class_08&subclass_06&prot_50???????
Reg     HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export                                                                                                                                  ????????????w????{??????????????????{630c2ad6-f5cd-11e1-8f0e-dbb01020c32f}?\TC???????????p?????sC8??????????? ?????????????????????0????????????????????? ?????????????????????0????????.????????????????????i??os??????????? ??vi????~??????C??E9??Microsoft???????????? ?????????????????????0?????????????????????????????f??%m???????????1??85??USB\VID_12D1&PID_140C&REV_0000&MI_03?USB\VID_12D1&PID_140C&MI_03????{4d36e978-e325-11ce-bfc1-08002be10318}??????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????????????????nettun.inf?ft ??????"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"????Zapisuje pliki instalacyjne u?ywane przy aktualizacjach i naprawach. Jest niezb?dny do pobierania aktualizacji Instalatora i zg?aszania raport?w programu Watson o b??dach.?????? ??????????????????????????????????????????????????0??????????????????????????? ??????????????????????????????? ??????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind                                                                                                                                      ????????? ???????Z?????????????0????????????&????????????????????-??? ?????????????????????0??????*?6??? ???????????????s????r????????????6?????????????Local Area Connection* 115?ED-????????????????????.?????????????????????? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????~???????????nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp??????? ?????????????????????0????????????&????????????????????4??? ?????????????????????0????????????????????????????????? ???????i????????????????"?????p?n?????????? ?????????????????????0????????????????????? ?????????????????????0????????~???????????nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp?5CD???????????1??C-???????????B????~??????????????????????T????????????~??????D??B5???????????????????????-??BB??? ???????i????????????????"?????p?q?????????? ????????????????????????????????????????????setB??????????????????????????????????????*6to4mp?, ??? ?????????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route                                                                                                                                     ?????1??????????????????????????????tunnel??????Microsoft???????6A???????????-??68??????70??@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter??6??{4d36e972-e325-11ce-bfc1-08002be10318}????????X??????i???t???????????????????????e??tunnel??????????02??????02??*6to4mp???????????????????N??????<?????D?=??????????????????????11?f?f???????????D?????s13??????????????????OR???????????????????.??????????Microsoft 6to4 Adapter #171?????*6to4mp?????????????????????????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}?ce\??{4d36e972-e325-11ce-bfc1-08002be10318}\0193?4B???????????????????A???????8??????????????????s.??????????tunnel???B??????????????? ?????????????????????0?????????????????????????????t??32??? ?????????????????????0????????????&????????????????????1??? ?????????????????????0????????????????????????????? ?????????????????????0????????~????????????????????????????c??\D????~??????9??4-??nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp?8BA??*6to4mp???????~??????3??c9??*6to4mp????
Reg     HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export                                                                                                                                    ????????int?57??? ????????????????????????????????????????????sdri???????????0??10??????? ???????????????????????????????????????f???????????????????????????????r??12??????? ??????????????????????????????`???????????{9469395E-E6B3-47E6-B1AD-666398259DE0}??in??Tcpip6?TCPIP6TUNNEL??A??\Device\{9469395E-E6B3-47E6-B1AD-666398259DE0}??????? ??????????????????????????????<??????i??????<??????u??????Microsoft 6to4 Adapter Driver???? ??????????????????????????????"??? ???????????? ???????-?????000??? "??????i?????end??ndis5_ip6_tunnel?y??? ???????????????????????????????????????m??? ?????????????????????????????? ????????????m???? ??????s????cers??Network Address?A/??????????????????? ?????????????????????0??L????????? ??????e10??? ?????????????????????0????????????&???????????????????? ??? ?????????????????????0????????????????????? ?????????????????????0????????~???????????nettun.inf:Microsoft.NTamd64:6to4mp.ndi:6.1.7600.16385:*6to4mp??? ??? ?????????????????????0????????????&????????????????????e??? ?????????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind                                                                                                                                   ????????? ?????????????????????0????????????????????? ?????????????????????0??????????????????????????????????????????????????????318}\0186?63??????????*6to4mp?????????????????????????? ?????????????????????0????????????????????????{ac97ec42-3e66-11e2-8b6e-806e6f6e6963}?65E????N??????0????D306??????*6to4mp?r???? ???????h?????vic??HID_Inst????????????????????????????? /??????? ?????????}???? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????6to4mp.ndi?1a0???????????_??6b??HID_Raw_Inst????????????????????? ?????????????????????0?????????????????????????????0??D-????~??????B??31??????????? ???????Z?????????????0????????????&???????????????????? ??? ?????????????????????0??????*?6??? ???????\C???????????u????????????????????????????????????6??????a??er??Local Area Connection* 170???-??????????? ?????????????????????0????????????&???????????????????????? ?????????????????????0????????????????????????????? ??????????????????????????????<??????i87???? ??????F????c?De??@ne
Reg     HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route                                                                                                                                  ????????\Device\{4F63D027-3EBA-42B0-92CA-F20CE15FC51D}??"{??\\?\Root#*6TO4MP#0201#{cac88484-7515-4c03-82e6-71a87abac361}????? ???????1?????????????,??N?????$???<???????????????????????????????C1??? ?????????????????????,????????????'????????????????????}????$??????0???????4??Root\*6TO4MP\0201????????????8??????63??\\?\Root#*6TO4MP#0201#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{A826ECC8-53C3-4A8A-A079-E3E90A1ECD5D}?????? ???????????????????????y???y????<??????3??????Local Area Connection* 201?er????????????????????????e???????????????????????????6??3}??????????????? ????????????????????????????????????????????s?????? ???????????????????????????????????????f????????????????????????N????????????D????Unknown Device?A09??? ?????????????????????0?????????????????????????????????????s??? ?????????????????????0????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????????????????????????????????????????tunnel???????$???????r???????????????????u???u?
Reg     HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export                                                                                                                                 ????????????nettun.inf??????????? ?????????????????????0????????????????????6to4mp.ndi?2A6??? ???????????????d??Port_#0001.Hub_#0001?t??nettun.inf?53???????????????e????????????????????????????????2??????FC???????????????????????????e??sl??????????????????????????????????????????USB??s??????tunnel???????????????????????????}???t??????????Type?????????????????????????????????????0??}"???k???n???????????????????m??????????????????????????????????? l?????????????????????????Microsoft???????09???????????????????????4???h????X??????a???t??Port_#0002.Hub_#0001????6.1.7600.16385?y????????????????? ??????????????tunnel??????? ??????????????????????????????????????????int???????4Local Area Connection* 109???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????6Microsoft 6to4 Adapter #101???????????????????????????????????????????????????????????
Reg     HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                         ???/?9???.???????/???o?????????n????? ???????/???????????.????????"??????????f????X??8???/???/??MEDIA????.??PCI\VEN_1002&DEV_4396&REV_00?PCI\VEN_1002&DEV_4396?PCI\VEN_1002&CC_0C0320?PCI\VEN_1002&CC_0C03?PCI\VEN_1002?PCI\CC_0C0320?PCI\CC_0C03???7???{00000000-0000-0000-ffff-ffffffffffff}????????N??.????????D?????{36fc9e60-c465-11cf-8056-444553540000}?????????4???4???4???.?.???????????.?????????????4???/???6???6???4???????????????????????? ????.??? ???8???e?????sna???????????????e??PCI\VEN_1002&DEV_43A0&SUBSYS_00001002&REV_00?PCI\VEN_1002&DEV_43A0&SUBSYS_00001002?PCI\VEN_1002&DEV_43A0&CC_060400?PCI\VEN_1002&DEV_43A0&CC_0604?????.??? ??????? ;????????????,????????????&???????????????????????? ???????@?????z??????????????$?N????????????????????|?????????????? 8$?????? P??.??????????????{9B86AFC6-FB44-4F8C-94A4-29EE55B01ABA}????????*??.????????d?????Tcpip6?TCPIP6TUNNEL??F??\Device\{9B86AFC6-FB44-4F8C-94A4-29EE55B01ABA}??5-??????????????????????????\\?\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}????/?
Reg     HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                                        ???.f2???T?[A????/???????4??????????????HID\VID_09DA&PID_0080\6&785cb2&0&0000????????/???5??????ge??\\?\HID#VID_09DA&PID_0080#6&785cb2&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}?4????t??/???i??????? ??\\?\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}?????"??/??????????????Root\SYSTEM\0000?????????/???????????????????/???e???????????????/???????????????????/???f??????? ???/??????????????????????????????`???`???????????d???d???????????????????? ????N??/?????????D????{00000000-0000-0000-ffff-ffffffffffff}?4?4???3?3?????/????N??/????????D????????????????????s????\\?\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}\{97ebaacc-95bd-11d0-a3ea-00a0c9223196}&{53172480-4791-11D0-A5D6-28DB04C10000}???IDE\DiskSAMSUNG_HD080HJ_________________________ZH100-41\5&71cdf3e&0&0.0.0??????\\?\IDE#DiskSAMSUNG_HD080HJ_________________________ZH100-41#5&71cdf3e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}?????z??9????????????????|??/???????????????????/????????????????V??/???????????????????/???????????????????/?
Reg     HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                                       ??????????*??????_??????????????Microsoft???? ?????????????????????????????? ???????????????????? ???????@?????y??????????????$?N???????????????? r?????????????????Net??y??Microsoft 6to4 Adapter???????????????-??????????V????????????????????????e??do??????????*6to4mp?????{9732C78A-C050-4745-BD84-13B004F1D3D3}??????11???????????????????????????????????????????e???????x???2???????2??? ???y???????????????z????`?????????????????????????????????????? P?????????????????nvd3dumx,nvwgf2umx,nvwgf2umx?nvd3dum,nvwgf2um,nvwgf2um??o4????????????????????s??????????????P????????n?????Net?????13?}????tunnel???????????????0????d?61??? ???z???????????????????y???4??????????Net?????? ???y????????????????f??????????????????????.??????????HID\VID_04D9&PID_1702&MI_00\7&29aa90f5&0&0000???Net???????<??????f??????Net???????????#K????*6to4mp?????nettun.inf?53???6to4mp.ndi??13??????????????????????HID\VID_09DA&PID_0080\6&29597614&0&0000?????6.1.7600.16385??28??? .??????8??????49????`??????2???2??Net??????????+??????????????tunnel?2?8?
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                                                                                                                 ?????????h?j?s???????h???s??ep??????????%SystemRoot%\System32\srvsvc.dll??????\??h?????????e????? B??h???????????????????????0??0?????X??s?????????e????????"{5C40C849-0AED-45E5-BC55-6B1E31375337}"????\Device\lltdio_{5C40C849-0AED-45E5-BC55-6B1E31375337}???????????????????????????system32\DRIVERS\mouhid.sys?\mouhid.sys????????????????g????System32\drivers\mpsdrv.sys?????????????????????Tcpip???????system32\DRIVERS\mouclass.sys?ouclass.sys?????????????????????????b??h?????????e??????P??h?????????e??????8??h????????h???????(??h??????p?????P??h?????????e?????????h????????????"??h?????????e????System Bus Extender?????Base????@%SystemRoot%\system32\drivers\mountmgr.sys,-100????Network?????NDIS?:??Mouse HID Driver?????????????:???:????<??h????????h?????network?????NDIS Proxy???????????j??????p???????????????????????????NDIS?????????????????????????h?h?h????0??h??????p???Mup???????6??h????????????????????????N??h????????h?????system32\drivers\modem.sys??????????????????????@%systemroot%\system32\drivers\luafv.sys,-1
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                                                                                                                ?????????????????j??????p???SCSI Miniport?????V??j???????????d??iastorv.inf_amd64_neutral_18cccb83b34e1453???????j?j?j?j?j?j?j?????????????g????????????????t?????????????????????????????????????????N??j????????h?????\SystemRoot\system32\DRIVERS\iirsp.sys?dul???????j??????p???SCSI Miniport?????R??j???????????d??iirsp.inf_amd64_neutral_25c14d33af7f54f1?????j?j?j?j?j?j????????????????t?????????????????????????????????????????T??j????????h?????\SystemRoot\system32\DRIVERS\intelide.sys?????(??j??????p???System Bus Extender???????R??j???????????d??mshdc.inf_amd64_neutral_a69a58a4286f0b22?????j?j?j?j?j?j?j?????????????g????????????????t?????????????????????????????????????????T??j????????h?????\SystemRoot\system32\DRIVERS\intelppm.sys?????.??j?????????e????Intel Processor Driver???????????j??????p???Extended Base???????????????t?????N??j???????????d??cpu.inf_amd64_neutral_ae5de2e1bf2793c3?????????????????g?????j?j?j?j?j?j?j?j????? F??j??????????????%SystemRoot%\System32\iphlpsvc.dll??????????????????????????????? ?
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                                                                                               ?????????s????????????????????n??????????s??????????????????LocalSystem?????<????????????????<????????????????<??????????? ??s????????????????????????????????????????j??s???????????????s??????*????????????????????????s????????????????????P??s?????????e?????s???????????????????????????????????????????????????????????s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?s?????????????????????????????????&????????????????????????!??????"?????????????;??????????????????????????????????????????????????????????????*???????????? ???????n?????s?? ??s????????$??????????v??@%SystemRoot%\System32\hidserv.dll,-101??????????s????????h?????%SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted?????P??s?????????n????@%SystemRoot%\System32\hidserv.dll,-102?????? ???s?????????????????s0????s??????????????????????????????????t??????s???s?????s?????? ???????????????????????????????? D??s???????????????????s????????????????????,??s???????????????????????????????s??????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                                                                                                            ?????h??Network??????????????*???*??FSFilter Virtualization?????NDIS??????<??h??????????????????????????t???rdbss?????????N??i?????????e????srv2??????T??h???2????????????????????????????<??h????????h???????????????????????`??h???????2???????h???????????????????????????????h??????????NDIS?~????n??h???????n???????????2?g?2??FltMgr??????udfs??????b????????????n?????v?v?z???s?t?s?????z?~??\Device\{5C40C849-0AED-45E5-BC55-6B1E31375337}??ip??????????????????????????????t???Base?#??????????????t????h??????????????System32\drivers\mountmgr.sys???Network?????????????????t?????P??s?????????n??????\??h?????????e????system32\DRIVERS\mrxsmb10.sys?????8??h????????h???????P??h?????????n????Base?$??@%SystemRoot%\system32\FirewallAPI.dll,-23092???????????????t?????????????????????\????????????n????????????????????? ??????????????????@%systemroot%\system32\wkssvc.dll,-1002???????P??s?????????e???????i????Base?#???????h???????????????h??????????????????????t???? ???????3?????A}??????????????g?????????i??????p???@%systemroot%\s
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                                                                                                                           ????????%SystemRoot%\System32\srvsvc.dll??????\??h?????????e????? B??h???????????????????????0??0?????X??s?????????e????????"{5C40C849-0AED-45E5-BC55-6B1E31375337}"????\Device\lltdio_{5C40C849-0AED-45E5-BC55-6B1E31375337}???????????????????????????system32\DRIVERS\mouhid.sys?\mouhid.sys????????????????g????System32\drivers\mpsdrv.sys?????????????????????Tcpip???????system32\DRIVERS\mouclass.sys?ouclass.sys?????????????????????????b??h?????????e??????P??h?????????e??????8??h????????h???????(??h??????p?????P??h?????????e?????????h????????????"??h?????????e????System Bus Extender?????Base????@%SystemRoot%\system32\drivers\mountmgr.sys,-100????Network?????NDIS?:??Mouse HID Driver?????????????:???:????<??h????????h?????network?????NDIS Proxy???????????j??????p???????????????????????????NDIS?????????????????????????h?h?h????0??h??????p???Mup???????6??h????????????????????????N??h????????h?????system32\drivers\modem.sys??????????????????????@%systemroot%\system32\drivers\luafv.sys,-100????????h???????4?????????????
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                                                                                          ????????@%SystemRoot%\system32\drivers\fileinfo.sys,-101??????b??r?????????n?????????r???0???????????j???????????e??????????????????????*6to4mp??~??%SystemRoot%\System32\umpnpmgr.dll??????????????????????????? ???????q???????????r??????????N????????c????N??r??????????????{BBE94F36-F8DC-4C33-8227-81602B7A3D53}???????r??? ???????q???????????r???????? ?>???????r?????>??r??????????????%SystemRoot%\System32\umpo.dll???????r??????????????????????? ???????q???????????r???????? ?F?????????????????F??r??????????????%SystemRoot%\System32\netevent.dll???????????????????????????r?r????? ???????q???????????r???????? ?N???????t?????D??r??????????????%SystemRoot%\System32\ntprint.dll????????????????????????r?r?r???r?r?????r????????????????N??r??????????????{747EF6FD-E535-4d16-B510-42C90F6873A1}??????? ???????q???????????r??????????N?????????????????????N??r??????????????{5B33145C-1C66-49F3-B4CA-F563C165F2C0}???????r??????????????????????? ???????q???????????r???????? ???????????r??????????r??????????????%SystemRoot%\System
Reg     HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind                                                                                                                                      ???????????? 3???????????????4????????????\??????????????????????5???????????u?????????"?????????m???????????????????l??????????????11?745??{36fc9e60-c465-11cf-8056-444553540000}??????{00000000-0000-0000-ffff-ffffffffffff}??????? l?????????????????? l?????????????????????????? ???????m?????m?????m????????????????????????sros??\??\USB#ROOT_HUB#4&eb66714&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}??4??? ???????m?????????????,???????????????d???????m????? ???????m???????????????????????????????f???m?m?8???m??? ???????m?????m???????0??L????????? ??????????????m???m???m???m?m??? ???????m?????m???????0????????????&???????????????????????? ???????m?????m???????0????????????????????? ???????m???????????m?0?????????????????????????????????????????m??????????usbport.inf:Generic.Section.NTamd64:ROOTHUB.Dev:6.1.7600.16385:usb\root_hub??????m?m???????m????? ???????m?????m???????0?????????????????????m?m????????? ???????m???????????m?0?????????????????????????????????????????m???????????????8?????m????? ???????m?????m???????
Reg     HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route                                                                                                                                     ????s?????N???????????D?????11?5C4???|???????????????????????????d??11??D9???????y???????????{????X??????{???t???????????????????{?????????????????????????????????????????????s????????$?????????????m?????????os??%systemroot%\system32\w32time.dll???? H?????????????????gencdrom????????????? ??????????????? ???|????????p??????????????4??????????di??? ???g???&???????&??tunnel??"{??*6to4mp?6E??int?ri???????????????????????????????????????e??6-21-2006????????????????????????|??????t???? ???????{?????????????9?????????????????????????????????a??????am??? ???????{???????????{?9??????(?h????????k??? F??{??????????e???%SystemRoot%\System32\wshtcpip.dll????????????????????????h???????????????????????h???????h??{???0???g??????????????????????????????????????????????????????????????????????????????????? ???????{???????????{?9????????V??????????e??????4??{??????e???CloseTcpIpPerformanceData?????8??{???????t??CollectTcpIpPerformanceData???????F??{???????y??%SystemRoot%\System32\Perfctrs.dll????????2??{??????????OpenTcpIpPe
Reg     HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export                                                                                                                                    ????????????????????????*6to4mp??????????:???????9????????????????????????N??????d???????????????????B????????????????????????????R??????????????d????:???????????h??????????????????????????????????????t?t?????????t????????????V????????????n????????????????????????????????????????????????????????11??????? ?????????????????????????????? ???????????????Type?????? ???????????c?????Network Address?????? ?????????????????????????????? ????????????? ???????????c??????????????????????t??????????????????int??????????????????e??tunnel????????<?????????????Microsoft 6to4 Adapter Driver???? ??????????????????????????????"??? ???????????? ??????????????????tunnel??????? "?????????????????ndis5_ip6_tunnel????????????????????????????????????????????*6to4mp?????? ????????????????????????????????????????????s?????????????? ??????????????x?????8?????????????????Microsoft 6to4 Adapter #475?????????????????????????????????????????Microsoft???nettun.inf??????? ?????????????????????0??L????????? ???????????? ?????????????????????
Reg     HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind                                                                                                                                        ?????????????u????X????????????????????????m????????? ???????j?????k?????j???????????????????????O??WAN Miniport (IP)???? ???????k???????????j??????????b???????????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????ROOT\VOLMGR?????????????Volume???????????o??????p??????k?&???????k??????? ???????k???n??p????????????????????????k???a??pv???????????????????????k??????????WAN Miniport (IPv6)?????ms_ndiswanipv6?wan???????????v??????? ???????j?????k?????j?????????????? ???????R???6.1.7600.16385??????? ???????k???????????j??????????b???????????? ???????l?????k???????0????????????&???????????????????????netrasa.inf?????ms_ndiswanip?????k?????k?&???????????????????????k???????1??????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0004?as??? ???k???????????????????????k???????s??Microsoft???? ???????j?????k?????j?????????????? ???????C???{4d36e972-e325-11ce-bfc1-08002be10318}???????????&?????k?&??? ???????k?????k???????0???????????????????????k???k???????k?????k???k???????????????????3??@netrasa.inf,%mp-ipv6-dispn
Reg     HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route                                                                                                                                       ????s???Net?38??@????????????????????????????????????????????y???????????|???????????????????????????????B???????????????????|???????????????|??????????????? ???????n???????????|??????????V?????????????????????????????????????????????????P??|????????h?????\SystemRoot\system32\DRIVERS\umpass.sys???????0??|?????????e????Microsoft UMPass Driver??????????|??????p???Extended Base????|?|?|?|?|?|?|????V??|???????????d??eaphost.inf_amd64_neutral_4506dea11740c089??????? ???????n?????|?????|????????$???????????????R??|?????????e????@%systemroot%\system32\upnphost.dll,-213?????????|????????h?????%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation???????R??|?????????n????@%systemroot%\system32\upnphost.dll,-214????? 4??|??????????????NT AUTHORITY\LocalService???????????????????????????????????t?????X??????|???t?????? ????????????????|???????????e??SSDPSRV?HTTP??????,??|????????????????????????????????????b??|??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege??????|?|?|?|?|?|?|?|?|?|?|?????
Reg     HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export                                                                                                                                      ??????????N????????????D????????????????????????????????????????text?l????????????????????????b????????????n????????????????e????????????????????????????????????????????s??????????Type????tunnel??48???????????B??????????????????????????????????????????????????????????????????????????????????*6to4mp??????????:???????9????????????????????????N??????d???????????????????B????????????????????????????R??????????????d????:???????????h??????????????????????????????????????t?t?????????t????????????V????????????n????????????????????????????????????????????????????????11??????? ?????????????????????????????? ???????????????Type?????? ???????????c?????Network Address?????? ?????????????????????????????? ????????????? ???????????c??????????????????????t??????????????????int??????????????????e??tunnel????????<?????????????Microsoft 6to4 Adapter Driver???? ??????????????????????????????"??? ???????????? ??????????????????tunnel??????? "?????????????????ndis5_ip6_tunnel????????????????????????????????????????????*6to4mp????
Reg     HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind                                                                                                                                          ???i?????????i??????????????????e?????X??????t???????d???????i???;???????????;???????????????????????????i?????????????????e??????X??????????????????i???;???????????????;??????????Network??????u???i??????????????t???tunnel??????????????????t?????????????????????????????????????????T??i????????h?????\SystemRoot\system32\DRIVERS\SiSRaid2.sys????i??????????????? ???????h?????i???????0????????????????????? ???????i???????????h?0?????????????????????????????????????????@???????e???i?i???????i????? ???????j?????i??????????"???&?z????????????D??@mshdc.inf,%idechannel.devicedesc%;IDE Channel??????Net?????*6to4mp?p6????????????????t?????*6to4mp?????USB?????{4d36e972-e325-11ce-bfc1-08002be10318}?e?e???????????????h??????????????????????????????? ???i??????????s???tunnel?- 3?????i??????????N??????{??????65??Net?????USB?????*6to4mp??&??USB?????*PNP0600??????N????????????D??????N??????|?????|?|??tunnel???????????????????????????????????????????????0?????0?0??@mshdc.inf,%idechannel.devicedesc%;IDE Channel????????N??i?????
Reg     HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route                                                                                                                                         ???i?i???????i???;???????????????;???????????????????????????????i???????????6???????????????????????{???{???????i??????????????t???????????Video????????????y???????i????????????????e???????????????????s??????z???i???????????????i???r?????P\M???????i??????p????????;???????z??PNP_TDI?????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@snmptrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|???????????????????????<??i?????????? ????????????????d??Net??i???????i??????p???SCSI Miniport?????X??i???????????d??sisraid2.inf_amd64_neutral_845e008c32615283?????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31023|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|???v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.e
Reg     HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export                                                                                                                                        ???v?????v????R??v?????????n????@%SystemRoot%\system32\schedsvc.dll,-101????? ???v??????????????LocalSystem????????? ???????????????????????????????????????????t????????????????????????? ??v???????????e??RPCSS?EventLog???????x?x?v???v????,??????????????????v???????v??????????????????SeIncreaseQuotaPrivilege?SeChangeNotifyPrivilege?SeAuditPrivilege?SeImpersonatePrivilege?SeAssignPrimaryTokenPrivilege?SeTcbPrivilege?SeRestorePrivilege?????v?v?v?v?v?v?v?v?v?v?v?v?v??? ???????v???????????v????????,?F??? ???????????? F??v??????????????%systemroot%\system32\schedsvc.dll???????????????????????????????????v?????????n????ServiceMain?????? ???????v???????????v???????????????????????????v??????????????????0????????????????`???????????????????? ????????????????????? ???????????????????? ???????n?????v?????v????????$????????????c??????P??v?????????e????@%SystemRoot%\System32\certprop.dll,-13???????Z??v????????h?????%SystemRoot%\system32\svchost.exe -k netsvcs?????v?v?v????P??v?????????n????@%SystemRoot%\System32\certprop
Reg     HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind                                                                                                                                       ???0?????????????????????h??????e????u??? ???????|???????????:?:????????????&????????????????????8??? ???????4?????A4E???????????0?????evi??? ???????,?????0?????0????????????<????????2cy??? ???????0???????????0??????????N???????{8??{8ECC055D-047F-11D1-A537-0000F8753ED1}??? ??@%systemroot%\system32\srvsvc.dll,-104?0?4??? ???????&???????????0?????????????????????e????? ???????,?????0?????0????????????;? ???????????? ???????0???????????0??????????N???????ad??LegacyDriver?0????N??0????????DCC0??{8ECC055D-047F-11D1-A537-0000F8753ED1}???0??? N??0?????????94x??@%systemroot%\system32\srvsvc.dll,-102???0???0?0?0?0?0?0?????????????0?????????????????????????????????????????s???????????????????s?????????4???????????????????????0?????s?0?????????????????sC0???????????D?????s-0???????????}?????s? ?????????????????sad???????????0?????s?0?????????????????s???????????????????sN??????????????????s??????????????????????????X??????????7?????????????????s?0??? ???????4?????5???????0????????????&???????????????????? ???5?5?????5?
Reg     HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route                                                                                                                                      ???i????Base?#???????h???????????????h??????????????????????t???? ???????3?????A}??????????????g?????????i??????p???@%systemroot%\system32\wkssvc.dll,-1003?????????????????t???Network?????????????????????????@%systemroot%\system32\wkssvc.dll,-1004?????system32\DRIVERS\mrxsmb20.sys??????????????g????????????????t???nvlddmkm?????s?s?s???????????????????s?s?s????????????????????????P??h????????h?????\SystemRoot\system32\DRIVERS\lsi_fc.sys??4??Network??????????h??????p???SCSI Miniport?????T??h???????????d??lsi_fc.inf_amd64_neutral_a7088f3644ca646a????h?h?h?h?h?h;I??????????????t?????????????????????????????????????????R??h????????h?????\SystemRoot\system32\DRIVERS\lsi_sas.sys?0???????h??????p???SCSI Miniport?????V??h???????????d??lsi_sas.inf_amd64_neutral_a4d6780f72cbd5b4???????h?h?h?h?h?h?h??????"??????g????????????????t?????????????????????????????????????????T??h????????h?????\SystemRoot\system32\DRIVERS\lsi_sas2.sys????????h??????p???SCSI Miniport?????X??h???????????d??lsi_sas2.inf_amd64_neutral_e12a5c4cfbe4
Reg     HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export                                                                                                                                     ???{?????????????v?v?i???????i??????????????????SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege??????????????????????????????i?i?i?i?i?i?i?i?i?i?i?i?y??system32\DRIVERS\vmstorfl.sys?????V??i?????????e?????????i????<??i????????h??????????????????}?~?z????????????????????????????6??u????????h??????????i??system32\DRIVERS\tdx.sys?vers\tdx.sys????q?y?q???q???????????}???????????????????????{??@%SystemRoot%\system32\tcpipcfg.dll,-50003?0001??????????z???????i??????p????????????}???|??????????6-21-2006???????????Base??????????????\????????????????????????????????????????????????????g????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|?????????i???;???????????;???i?i?i?i?h?i?i???????????????????????????i???????????????????i???;?????????P?;???????i???????i???;???????????;??*6to4mp?Ty???????????i???????i???????i?????????????P???????

---- EOF - GMER 2.1 ----