GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-02 22:31:07
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-22A23T0 rev.01.01A01 232,89GB
Running: qomsl64y.exe; Driver: C:\Users\Kajtas\AppData\Local\Temp\kwrdapob.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13F9 83882829 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 838A7132 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3181D7EC-C157-40EF-9876-5A43BEA897F2}@InterfaceName isatap.{087ED305-0D74-4EEC-A414-925E6D825C4A}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3181D7EC-C157-40EF-9876-5A43BEA897F2}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 4226
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route [unreadable binary data]
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export [unreadable binary data]
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export [unreadable binary data]
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind [unreadable binary data]
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route [unreadable binary data]
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export [unreadable binary data]
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind [unreadable binary data]
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route [unreadable binary data]
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export [unreadable binary data]
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind [unreadable binary data]
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route [unreadable binary data]