GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-23 15:50:37
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD161HJ rev.JF100-19 149,05GB
Running: w74b9sff.exe; Driver: C:\Users\Azrael\AppData\Local\Temp\kwrdypoc.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                                             830768E9 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                      830963B2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                              [744F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                             [744F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                        [744D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                       [744D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                    [744E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                      [744E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                     [744E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                    [744E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                           [744E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                     [744E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                [744E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                              [744E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                    [744EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                        [744E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export  ?????????????????????????????????????h??? ?????????????????????1????????????&????????????????????}??????nettun.inf??52??? ???????????????????U?-???????? ???????????????????????????????Microsoft????????e??????????????? ?????????????????????*??"?????l?k?????????monitor.inf:Generic.NTx86:PnPMonitor.Install:6.1.7600.16385:*pnp09ff?3???????????G????????m?Fi??????????????????????????????6to4mp.ndi??????? ?????????????????????1????????,???????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????4??????????s????????????????????????????????S???????????????????????????????????B????`??????4???-??????????????? ?????????????????????-????????????????????????????????-A??*6to4mp?AA???????????????????B???????????????????????????h??nettun.inf??52??????????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????0??????????? ??????????????????nettun.inf??t???6-21-2006????????????????????n???????????????????3????0?????????????tunnel??????? ?
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                                                            ????Wi??????????????????????????????????Parallel arbitrator???????R??????????????d????N????????????D?????????????E?????s3B??????48??????????7???Tcpip6?TCPIP6TUNNEL??9??ip???????????????e??????4???????4???????????????DF???????????o??????re???r?s?s?s?s?s???s?f????????????????s??????????E??????4???Root\*6TO4MP\0161????????????????h????????????z??????????????????????v???????????????????????????????????????????????o??????re??????????????????Re???????????M??????ft???????????y???????????????????k???????????????????h??11????????????????????????????????????????????????*??????}????dtBT???????????????????????????????????????????????????????????????????????????????????8??????????????????????int?F}??tunnel??0????????????????n????z??????`????????*??????4????d"{E??? ?????????????????????*??"?????l?&??????{??????????????????????????? l??????e?????e I????????????????????J??????????????d?????????????????????l????text?7??????????????? ?????????????????????1????????????????????? ?????????????????????1???????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                                                           ?????????????????????????????p??????s?????????????????????????????X??????e????????????????????????????:??????F?g67???????????B???????????????????????????g??????9????????v???????e??????00??{4d36e972-e325-11ce-bfc1-08002be10318}??????????????????????????????5-??Microsoft????????f??? ???????1?????????????,????????$???<???????????????????????????????96??????????????????? P??????{?????B6D????*??????9????d96A??????????????*6to4mp???????4??????3???????????????????????e???????????????????????????????&???????????????????????p????????????????????????????????X??????e???????????????2?????sic??????????text?l??????12??????????????????l?????????????teredo.ipv6.microsoft.com.???????????? ???teredo.ipv6.microsoft.com.nsatc.net?????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4082E558-2319-4B1A-94A4-D818083D7195}] SEQPACKET 165??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                                          ?????|??????????? ??????????????????????????????t????}???}?}?}???????????????????????????????4??????FA????B??????????????????z??????????????????t??????????????g?????????????????????}??Microsoft???? ???????o??????????????????????L????????????? ??f???????e??Karta Microsoft 6to4 #3??????}??????-F????N?????????D?????<??????D?gBA???}???? ??n???????e???  ???????????????????|????????g????? ??????????????n???? :??}??????????t?????n??}???????????????????}??? ???????o?????}?? ??}?0??????$???????????????????H??}?????????e????@%systemroot%\system32\wdi.dll,-502???????d??}????????h?????%SystemRoot%\System32\svchost.exe -k LocalService?????H??}?????????n????@%systemroot%\system32\wdi.dll,-503?????? 4??}?????????????????}???}?????}??????????????NT AUTHORITY\LocalService???????????????????????????????????????ServiceMain????????? ???????????????????????????????? <??}???????????????????}??????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeSystemProfilePrivilege???????,??}???????????????????????????????????????}?
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                                                                       ????????????????????????????????????????????????? ?????????????????????,????????z?????#7DB????$??????E???????1??Root\*6TO4MP\0022?????z??????8??????{B????$??????9???????9??Root\*6TO4MP\0022???? ???????????????????y??????????`????????e??? P??????\?????FB6????*??????-????d596??Microsoft???? P??????5?????B63??????????\\?\Root#*6TO4MP#0019#{cac88484-7515-4c03-82e6-71a87abac361}?E??? ???????1?????????????,??N?????$???<???????????????????????????????03??? ?????????????????????,????????????'????????????????????}????$??????2???????c??Root\*6TO4MP\0019????????????2??????43??? ???????:?????????????:??????????-?&????????????????????D??? ???????9?????96A??6-21-2006???6.1.7600.16385?409??Karta Microsoft 6to4????????????????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????N??BT??6.1.7600.16385?C2A????:??????-?gB0??@nettun.inf,%msft%;Microsoft?"??nettun.inf?pip???????????B??????????*6to4mp?BT??? ?????????????????????1????????????????????? ?????????????????????1???????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                                                                      ????el???????????????B????????????X??????t???t???????????????????????????????????????????t??@nettun.inf,%msft%;Microsoft?2???????o???5??s9???????????}?????eip??????????????6-21-2006?????N??????e????Dlne???????????D????????mr?????????????B??*6to4mp?????????????????tunnel??????????????????????????Karta Microsoft 6to4 #102???Karta Microsoft 6to4 #104???????????*6to4mp?1????????????D???e????:????????g??????4?????????????16??{4d36e972-e325-11ce-bfc1-08002be10318}\0114?51??{4d36e972-e325-11ce-bfc1-08002be10318}\0116?AE??AE??????????????tunnel?619????4?????????????16??Karta Microsoft 6to4 #105???????D-??????????????????Karta Microsoft 6to4 #106????e??????????????4???????????????t????????????e??{4d36e972-e325-11ce-bfc1-08002be10318}??92????:??????B?g3}??@nettun.inf,%msft%;Microsoft????? ???????B?????9AB??? ???????4?????10???????50??????s}??????????3???????4?????????????4?????????????16??{4d36e972-e325-11ce-bfc1-08002be10318}?9-9??{4d36e972-e325-11ce-bfc1-08002be10318}?6A0????:????????g?????????e??11?t???????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                     ?????u??*6to4mp?????? ???????t?????t?????t???? ???????????????s??????????t??????????????? ???????t???????????t??????????????????v????????t??????????135000??????????????????s??????t????? ???????t???????????t?????????????? ????????????????t?????????a????C:\ProgramData?????????t???t????? ???????o?????t?????t??????????R????????s???????????????????????t??????p????t?t?t????????????????????????R??t????????h?????SCSI Miniport????t?t?t?t?t?t???????t???t????\SystemRoot\system32\DRIVERS\megasas.sys??????R??t???????????d??megasas.inf_x86_neutral_395276dd9b7a7448????????? ???????t?????t?????t?????????????? ????????????t???t???????????????????????????e???t??? ???????t???????????t???????????????????????????t???????????r??enableMSI=1??????t??? ???????t???????????t???????????????????????????????????????????t??? ???????o?????t?????t??????????P??????????????????????g?????t???? ??d??????p????????u???????t??11???????????????????????????????????????????t??Net?B9?????t?????t??\SystemRoot\System32\drivers\vga.sys????system32\driver
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind                                                                                 ?????f??????????????????-4??????????????????l?????????????teredo.ipv6.microsoft.com.???????????? ???teredo.ipv6.microsoft.com.nsatc.net?????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5B70E071-C386-4013-805C-E8084C81C2F7}] SEQPACKET 44????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????GR??????????????????l?????????????teredo.ipv6.microsoft.com.???????????? ???teredo.ipv6.microsoft.com.nsatc.net?????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{77B9F661-F9B8-4718-ADFD-BF02C5F3EFC1}] SEQPACKET 43????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????3-??? ??????????????????????????????"??? ???????????? ?????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route                                                                                ????????ROOT\*6TO4MP\0145??????????????????d?????????????????????????w??????????di????????????????????????????????????????????????????????????????????????????`?? ??? ?????????????????????1??????????????????????????????????????N????????????D????????????{36fc9e60-c465-11cf-8056-444553540000}\0001?????????????text?-??Po??czenie lokalne* 153?t ??????????????????????????????????????? ???????Z?????????????1????????????&????????????????????????????????e??????????d9??????????nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.1.7600.16385:*6to4mp?????????????f??????????????????????????????? ?e????????????????????????????????????96??}???????????????????? ????????????????????????????$?N????????f???????f??????????????????-4??????????????????l?????????????teredo.ipv6.microsoft.com.???????????? ???teredo.ipv6.microsoft.com.nsatc.net?????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5B70E071-C386-4013-805C-E8084C81C2F7}] SEQPACKET 44???????????????????????????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export                                                                               ????xG???????s???p??????xG??*6to4mp???????`?????????????3????????????????4??????????????????????????????????????????????????????????????l?????????????teredo.ipv6.microsoft.com.???????????? ???teredo.ipv6.microsoft.com.nsatc.net?????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DCFAE999-722A-4BD9-A13A-9690F0E769D8}] SEQPACKET 111????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????n???;??????????????????????????nettun.inf???????????????????????????h??????????????? ?????????????????????,?????????????????f????N????????????D????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????? ???????1?????????????,????????$?6?<???????????????????????????????ce??? ?????????????????????,????????z?????#9E6????$??????E??????? ??Root\*6TO4MP\0053?????z?????????????????\\?\Root#*6TO4MP#0053#{cac88484-7515-4c03-82e6-71a87abac361}????????????????text???
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind                                                                                   ????????nettun.inf?0?5???????????D?????sTc??????????*6to4mp???????$??????4???????????????????4???????????????????????{??? ?????????????????????????????????????? ??z????11?9E-??????????Typ???????????????????????m?????????????????????????????? ???????????????????t?0????????(???*??????????????????????????????0???0???????????????0???0???0???,???-????????????????????????????????????????????????????????????????????? ???????????????????t?0????????(???*?????????????????????????????(?????????????20130419093442503???????usb\vid_1110&pid_9042???????????????????????????USB ADSL2 Loader????????????????????????????????????????????????????? ?????????????????????????????????????????e??????????????????c?????Debug Module?????????????????t??FFFFFFFF????????0??????n???????????????x????FFFFFFFF????RXFF03??????????1?????????????????????????????????????????????????????????????????????????c?????? ??????????????????????????????(????????e????(?????????????????DMT state timer(ms)??e??????????? ?????????????????n???????????????x???????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route                                                                                  ????ip??????????6-21-2006???int??????????????B???????????????????0?????????????????????????????????????????d????????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ????????????????????????????????????????????????????????????????????????????????????????????????? ???????H??????????????????z???????? ???????????????????????????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0022?? ??{D53A97F5-E25D-4845-B025-B121C56C132B}??????????? ???????}???????????l????????"???#?????????EE??? z???????????????????????????????3 Co???????????u??GE??? ????????????????????????????$?N????????????????????r??????????????6-??? ???????:?????????????*??"?????l? ??????{???????;:?????Sawtooth Down???{4d36e972-e325-11ce-bfc1-08002be10318}???1??*6to4mp????????????????????????????????????????s????? ???????W???????1???$???????????????????????????{???????5??? ?????????????????????1????????????????????? ???????????????????|?1?????????????????????????????0??25???????|???3??3f?????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export                                                                                 ?????????????????????????????????????????B??????54??Typ?????????????????????????? ?????????????????????1????????z???????????nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.1.7600.16385:*6to4mp?.??6.1.7600.16385??? ????*??????????????????????e??????ne???????????????????????????????????-?????e14??? ???????@????????????????????$?N?L?????????????????????????????????0???1????? ?*6??Microsoft???Typ??????????????????????????????????????????????????????????????????&??????????????????????????????? P??????B?????B5-??????????????????ft????????????????????z?????????????? ???????????????????????????????t??????????????????????????r???? ???????"?????7E9????????????????????m???????X??????????t???????????B?????e-D???????????e???t??????????????????Microsoft????????????c????????m???????|??????{???????A???????????????????????0????????????*??????3????d"{C???????????????B??{C0C76E48-FBB3-4A65-941F-24EB7C6DA17B}???P???????????2?????e9-???????????????????1??????????? ??????????????????????????{D000983E-AEB8-4B7A-A921-C39D0E3DD088}??? ??? ?
Reg    HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind                                                                                     ????53??????????????d:\a752d0c301d6ba8ed6e9e779671b6d40\DW\DW20.exe?W\DW20.exe?:????????(??????>?????>???????????>???????????????>???????????>???????????????????>???????????>???????:?>????'9???????"?>???>?????"?"???>?????:???>?????"?"???????"?????"?"???>?=????????????????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|Name=@FirewallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|???????????t????????????5??sC???????????m??ta??Sine?????$???????i??????????????????el??????????????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-30793|Desc=@FirewallAPI.dll,-30796|EmbedCtxt=@FirewallAPI.dll,-30752|?????????????&???????h???????????????????v???&???????5???????????????????l???&??????????????????????????????? ???????????????????????????w??????os??Microsoft???? ???????@???????????????????? ?0???????????HID_Mouse_Inst?????
Reg    HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route                                                                                    ????el??????????????????????????16???????????????????????????????????????????0??????F}????????N??????c????????????.??????????t??Karta Microsoft 6to4 #107???????????????????????????Karta Microsoft 6to4 #110????????????????e??????????????Typ??????????????0??????????????????@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4?????N????????????D?????????????c?????s x??????9???{4d36e972-e325-11ce-bfc1-08002be10318}\0119?81??? ???????&???????&????X??????y??????{4d36e972-e325-11ce-bfc1-08002be10318}\0151??&???????????????????????????????????????&??????????? ???????1???????????????????6?????s-9???????????????????????????5??e ??????????????????????????????????????????????????????????? ??????????????????@nettun.inf,%6to4mp.displayname%;Karta Microsoft 6to4?????:??????B?g\D???????l??????????Typ??t??????????????????????????*6to4mp?????? ???????8?????2????{4d36e972-e325-11ce-bfc1-08002be10318}??????1????????????????????B????X??????e????????4?????????????16???????????s??????l,??{4d36e972-e325-11ce-bfc1-08002be10318}\0121
Reg    HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export                                                                                   ?????????????????????? ??????????????????????????????????????8??\{???????????????e???????????????????????????????R???????????????h??????????? ???????????????????~???????????????????????????????b????????m?????????????????????Net??????????????????????????B???????4???????4??tunnel??????*6to4mp??-???????l??? ???????8??????n"??? ??????????????????????????????????????????????Adres sieciowy??Ty??? ????????????????????????????????????????????????????????c?tu???????????????t???????????t??ow???????????i???e??tunnel?FD ????>?????????????Sterownik karty Microsoft 6to4??? ??? ??????????????tu??tunnel???????????????9??????89??????????????????????????? ?????????????????????,?????????????????f????????????????????????N????????????D????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????? ???????1?????????????,????????$?0?<???????????????????????????????ce??? ?????????????????????,????????z?????#???????$?????????????????Root\*6TO4MP\0047?????z?????????????????\\?\Root#*6TO4MP#0047#{cac88484-7515-4c03-82e6-71a87abac361}?S??? ???????1?
Reg    HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export                                                                                ????sy??? l????????????oft????:????????g??????N??????8????D85???? l?????????????????Karta Microsoft 6to4 #74????{4d36e972-e325-11ce-bfc1-08002be10318}\0155???????N??????e????Dlne????8??????????????????t????????????X??????e???t???????????????????????????????2??????92????N??????D?????DCB???????????C??????58??????????????????????????@nettun.inf,%msft%;Microsoft?7??? ???|??? ????????????N?????????????????????????????????6.????????????????????:??????v?ge\??? ???|???????????????????l???7??s-????N???????????????????2?????????????16????????????:???????????h?????{4d36e972-e325-11ce-bfc1-08002be10318}\0083???????:??????5?g60????N??????e????Dlne??{4d36e972-e325-11ce-bfc1-08002be10318}???????????t???_??????? p?????????????????????????????????????????ic??????ne????????????????????????????????????????,Po??czenie lokalne* 60??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg    HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export      ???-??????P??z??????????????intelide?.??????? ???????6???a??in??PCI_DRV?? ???????6??????????NO??Microsoft???? ???????6?????6???????3?????????????????????????????????????6??? ???????6???????????5?3???????????????????????6????????????????NO???6???????6??????????Microsoft????6?6?????6?????????????????6?????6??? ???6???6??????????6-21-2006????????6???????????????????6???6??? ???????6?????6???????3???????????????????????6?????????????????????6??? ???????6 ????6???????-????????????&???????????????????????????????????????????? ???????6?????6???????-????????????????????? ???????6???????????6?-?????????????????????????????????????????????????????6?6????? ???????6?????6???????-????????????&????????????????????1??? ???????6?????6???????-???????????????????????6????? ???????6???????????6?-???????????????????????6?????????????????????????6??????????\\?\storage#volume#_??_usbstor#disk&ven_&prod_&rev_8.07#12070680040391&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}???????6?6pc???????6???d?
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                                                                ???f?n???????????~???~??? \??????????????????`???`?`?`?`?`?`?`?`?`?`?`?????????????????????????? ????.???????.????X??f????????????N??k???????????1??? ??@???????????????Application?????????????????t???4&2c30955e&0?7????????????????????????????n??f??????????? ???h??????????? ???????`???????????y??????&C??? ????????????????????`??????????????????h?h?????????`??????????????s????`?`????? ???????`???????????`????????>???????????e??????????????????????????????s??????????????????????????????? ???????`??????????????????????????????????????????? ???????`???????????`?????????????? ???????????????????????????????? ???????`?????????????,????????????????????????? ???????`???????????`????????*?????????????netfxcustomperfcounters.1.0?SharedPerfIPCBlock?Cor_Private_IPCBlock?Cor_Public_IPCBlock_?????????????????????????0??? ???????`???????????`?,????????,?????????s??????????`???????q??clbcatq.dll??????????`??????2????e?e?d???????`??????????advapi32.dll?????`???`???????????????????`??????????COMDLG32.dll????IMM32.dll?????,??`?
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                                                               ???k????tunnel?43F???????????n???????4??@%systemroot%\system32\drivers\hwpolicy.sys,-101??????<??p????????h??????n?????????????????????m???m????USB\ROOT_HUB20&VID8086&PID27CC&REV0001?USB\ROOT_HUB20&VID8086&PID27CC?USB\ROOT_HUB20??????<??o????????h??????????m???????????p??????????LDDM Graphics Subsystem?????PEAUTH???????????????m??????????Ge???????m???0??e2??USB\VID_1110&PID_9041&REV_3029?USB\VID_1110&PID_9041????system32\DRIVERS\e4usbaw.sys?????n???????????????m??????00????*??n?????????????n????? l?????????????????? ???????m?????m?????n?-??????????????????????s.de??\??\USB#ROOT_HUB20#4&294cb6a4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}???m?n???????n?????????????5??1c??????l,???n???n??????????????? ???????n???????????n?1?????????????????????????n??????????usbport.inf:Generic.Section.NTx86:ROOTHUB.Dev:6.1.7600.16385:usb\root_hub????? n????? ???????n?????n???????1????????????????????????ic???n??? ???????n???????????n?1?????????????????????????????????????????n???????9???n?n???????n????? ???????n?????n???????1???
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                                              ???l?????s???s???k?k?????n??????????wa???????m?????????e?????????????6???????????????n??????? ???????n?????????????,?????????????????f???????????n??? ???????n?????n???????1??L????????? ??????????????n???n???n????????? ???????n?????n???????1????????????&???????????????????????? ???????n?????n???????1????????????????????? ???????n???????????n?1?????????????????????????????????5???????n???5??????umbus.inf:Microsoft.NTx86:UmBus_Device:6.1.7600.16385:umb\umbus??????n?n???????n????? ???????n?????n???????1????????????????????????????????? ???????n???????????n?1?????????????????????????????????????????n???????????n?n???????n????? ???????n?????n???????1???????????????????????n???n???n????????? ???????n???????????n?1?????????????????????????????????????????n???5???????n?n???????n????? ???????n ????n???????1????????????&????????????????????5?????n???n????? ???????n?????n???????1????????????????????? ???????n???????????n?1?????????????????????????????????????????n???????h??????c.???n?n???????n????? ???????n?????n???????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                                                           ???n?n????(??s?????????e??????X????????????n?>???????p???????????????????????????????????????????????B??USB001?|????Microsoft????u?u?t???????y????b??n?????????e??????????????????????????????Z??p????????h?????????????????System32\DRIVERS\fvevol.sys????????o?&?o?&?n???n?n???????????????????l?l?p?t?t?n?n??????????????????????? ???????o?????n???????,???????????????????o????? ???????n?????n???????,?? ?????????????????? ???????n?????????????,??L?????????????????? ???????n?????n???????,????????????&???????????????????????? ???????n?????n?? ????,??????6????????????????????????????????????n?????????????4???????????????????????u?????????????????????????????????????????????n?&?n?&??????<?????????????????????????????????????????????b??p?????????n?????????&???????????????o??????????????????????? ?????????????????????????????????????????n?????????n??????p??????n?????????????????4???????????????????o?????????????? ??????????????????????????? ????????????????????????????????????????????????????e?????????????n????????? ?????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                                                                          ???m?n??????????????????????????#???????????????????????\\?\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{eeab7790-c514-11d1-b42b-00805fc1270e}&asyncmac?????????b}??????? ???????U?????????????,????????????v????????????????????????????????????????????????????????????????????????????????????????f??????s???Root\*6TO4MP\0130???tunnel??????????????????? ?????????????????????,???????????????/????? ?????????????????????6??????????????????????????????????????????????????????????????????????????????????????????????????????}?????????b}??????? ???????U?????????????,????????????????????????????????????????????????????????????????????????????????????????????????????????????????STORAGE\Volume\_??_USBSTOR#Disk&Ven_&Prod_&Rev_8.07#12070680040391&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}?????? ?????????????????????,??????????????#?????????????????????????\\?\STORAGE#Volume#_??_USBSTOR#Disk&Ven_&Prod_&Rev_8.07#12070680040391&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?????????????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                                         ???y?n??????????????? ???????????????????U?,????????x?????#?????????#???????????*6to4mp??8??None????? ???????U?????????????,????????t????????????????????6??????95????$???????????????????:??????9?gC-??????????????????????????????? ???????U?????????????,????????2???C???????????????????????????????????????? ???????a???????????V?,??????(?????????????????????????????????????????? ???????????????????S?,??????????????#?????????????????????Net?????? l??????v?????v???????????????????????-??????$??????D???????A??????????????#???? ???????T?????????????,??????????*?&????????????????????n??? ???????????????????T?,????????2???C??????????????????????????????????}6a??????2C??????????????? N?????????????????ATA<cr>?????????????? ???????????????????U?,??????????????#7c6??Root\*6TO4MP\0137?????0??????v???????|??? ???i???r??????????????????*teredo?????????????????????????#???? ???????U???????????U?,??????????????????????????????????????????????????????????????????????????????????}?????@system32\DRIVERS\pci.sys,#65536;PCI bus %1
Reg    HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind                                                                                     ???k?m???????????????????h???????e??{00000000-0000-0000-ffff-ffffffffffff}??????????????????s????????????m?ms???? ???????k?????k?????k?,???????????? ???????R????m?m?.???k??{4d36e972-e325-11ce-bfc1-08002be10318}???????????S???????e???g?i?i?f?i?j?i?k?k?k?k????????????????????????N??????u???????????????l???????????????????????????????????v???????/??? ??????????????t??????????????g??????????????????????X????????????????4?????????????2???m?m???????????????????s??????????????????????????:??s????????h?????????????????????HIDClass?????????????????k??? ???????k?????k?????k?,?????????? ? ???????C???? ???????k?????????????,????????N???????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?????????k?&??????????????????????????????????????????????????????????????????????????t???????????????t????k???k???????j???.???????.??? ??????????????????LPLAYER??????????????????????????k??? ???????k?????k?????k?,??????????!? ???????L????????????????????k??? ???????k???????????f?,????????^???????????????????????????????????????????t??????k?&?
Reg    HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route                                                                                    ????????????????@nettun.inf,%msft%;Microsoft?p????2?????????????????tunnel??????????????Sawtooth Up??????????????0??4f???????????`?????s?`?????????????????????e????ROOT\*6TO4MP\0001???@oem3.inf,%hid\vid_046d&pid_ca03.devicename%;Logitech MOMO Racing (HID)?????? ?????????????????????1????????????????????\\?\USB#VID_0FCE&PID_0171#BX9033SZ1G#{48f4db72-7c6a-4ab0-9e1a-470e3cdbf26a}??????????????????k???f???????l???????????v???????????w?????????????????s??????????????>??????t??????USBPRINT\HPDeskjet_F300_serieDFCE?HPDeskjet_F300_serieDFCE??????Karta Microsoft 6to4????????6to4mp.ndi???h??? ???????i?????e?h??@nettun.inf,%msft%;Microsoft????S5230?30G???? l?????????????????tunnel????????????????????????????????*??????i?????????n?i??Net?????11???????????????p??? ???m???????????i???@?@?A?A?A?A????????? ???????????????????e?1????????????????????SEMC Mass Storage USB Device????? ???????D?????4}"??????????????????Net?????????????????????L2?03???????m???? ???????????????????????????????????5????z??????????????m????0??????j?
Reg    HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export                                                                                   ?????????????????????????????????????' ??2??????text????????t???????di?????????????? 1??????F}??? ???????????????????????????????s????`???????????????????????????????????X??????????t???????????E??????-4???????5???????????????????????????????????????????????t??11???????????????????????e???????m??????????????????Sterownik modu?u wyliczaj?cego dysku wirtualnego Microsoft?11c??11???????????????????????????????#????????????????????????m?????????????????????????????????????????????11????????????????????????m??????????????d????????m?fP????????????????????????N??????0?????D01??????2??????????????????????????????????????????????????????????????????????s?????????????i???e????N??????D?????S\v?????????????????s???????????????????s?????????????????????????????e???????l???????????v??_N??*6to4mp??????????????e??52???????????4??????????*6to4mp???????????????????z????????????????u????????????????????text?????????????????t??? ?????????????????????1????????????????????? ???????????????????y?1????????z????????????????????c??p6?
Reg    HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind                                                                                       ???i?l??????????????xe??? ???????i?????i?????;?-??(????????????????????????????????????????s?????i?i????? ???????i?????i???????3?????????????????????????8???j?j????? ???????i???????????i?3?????????????????????y???????????5?????????????i???????? ????8?????????????????j?????i??????????????? ???????j?????i???????1????????????????????? ???????i???????????i?1?????????????????????????????u???????????i???/???8??mshdc.inf????i?i???????i????? ???????j?????i???????1?????????????????????????????n??Ge????B??i???o??NT??? ???????i???????????i?1?????????????????????????????????????????i??????????atapi_Inst???????i?i???????i????? ???????j?????i???????1????????????????????? ???????i???????????i?1????????*?????????????????????????????*??i??????????internal_ide_channel?????i?i???????i????? ???????j?????i???????1????????????????????? ???????i???????????i?1?????????????????????????????8???????????i??????????Microsoft????i?iSy?????i????? ???????j?????i???????1????????????????????? ?j???j???j???i???i???i???i???i???i???i????????? ?
Reg    HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route                                                                                      ??????????????????N??????E????D334????????????????????????????????????????????????,Po??czenie lokalne* 33???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????0Karta Microsoft 6to4 #26??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg    HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export                                                                                     ?????s??@nettun.inf,%msft%;Microsoft?A??Karta Microsoft 6to4 #41????@nettun.inf,%msft%;Microsoft????Karta Microsoft 6to4 #42????? ???t???0?????000????2??????A??????DA??{4d36e972-e325-11ce-bfc1-08002be10318}?BF}????N??????2????D-43????2?????????????16???????????????e????N??????i???????k??? ~????????????0?????????????????????v???????????????????????????????????????????i???t??????????????????????????????????????Typ??????????????k?k????????????????????????????????????????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}??????{4d36e972-e325-11ce-bfc1-08002be10318}\0055?? ????2?????????????16??{4d36e972-e325-11ce-bfc1-08002be10318}??????? ???z??????????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0056?????{4d36e972-e325-11ce-bfc1-08002be10318}?21C????2??????3??????11?????????????????s????? ???y???0?????E83??? ???????6?????AP.??????????????????{4d36e972-e325-11ce-bfc1-08002be10318}?002??? ???s???g?????i?l??{4d36e972-e325-11ce-bfc1-08002be10318}\0058?? ??{4d36e972-e325-11ce-bfc1-08002be10318}?
Reg    HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind                                                                                         ???i?p??WPD??????v?|?v???????????.???;???????e???????e??System????????P??t?????????e??????N??k?????????e?????????f???????????f???????????f?f?h?????f?????f??????????????????$???4????? ??????? ????t?????????? ????????????????????????????????????????? ????????$???f??????????????????????????????$???4????? ??????? ????t?????????? ????????????????????????????????????????? ????????$???f??????????????????????????????$???4????? ??????? ????t?????????? ????????????????????????????????????????? ?????????X??????n?????????????????????sde??{00000000-0000-0000-ffff-ffffffffffff}??Si??4&313ffe17&0??????N??????e????Dlne????<??f?????g??????N??f????????D??????????e??????si??@cdrom.inf,%gencdrom_devdesc%;Stacja dysk?w CD-ROM??????LPTENUM\MicrosoftRawPort958A?MicrosoftRawPort958A??m32???????????l???I???????W???????e????????????????????????P??j?????????e?????????`????????????J??k?????????e?????????g???????????????????u???f???z?{?v?????????????g????disk???????f???????f?????$???f??????????????????????????????$???4????? ??????? ????
Reg    HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route                                                                                        ???p?i???????:??%systemroot%\system32\wbem\wmiaprpl.dll?????????????????t???text?g??? ???????o???????????p????????$???H???????p???????"??p?????????e????@comres.dll,-947?????????p????????h?????%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}???????"??p?????????n????@comres.dll,-948????? ???p??????????????????????????????????????????????t???????????????t?????????????????????0??p???????????e??RpcSs?EventSystem?SENS????????,??p???????????????????????????????????????p??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeDebugPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege??????p?p?p?p?p?p?p?p?p?p?p??????????????????????????? ???????o???????????p??????????R?I??????k????????????????????????????????????????R??p????????h?????\SystemRoot\system32\DRIVERS\crcdisk.sys??????,??p?????????e????Crcdisk Filter Driver??????p?????p???????????????????p??????p???Pnp Filter???????p?p?p?p?p?p?p????R??p???????????d??crcdisk.inf
Reg    HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export                                                                                       ???z????????oo????????????????????????$??z??????????? ??????????????????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|?????"???z???????????????????????????????z??????????????????????????????t????????|??????????????????????????????????tunnel???g??R1???y???????????E???E???????{??????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|????y??tunnel??cb??.NT?????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Des
Reg    HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export                                                                                    ???s?k????z??????r?gke????????X????????????????????????????????j?????????h??????p???LegacyDriver??????N??l?????????D?????????????????????u???????u???????????0??????bs??bs??disk????????????????????? ???????j?????i?????j?-??(???$???????????????s00??????????????????????3?????????i???????????????j?j???????i????? ???????j?????i???????-??4??????????????????????????j??????????????@usbport.inf,%pci\ven_8086&dev_27cb.devicedesc%;Uniwersalny kontroler hosta USB Intel(R) 82801G (ICH7 Family) - 27CB?C??{00000000-0000-0000-ffff-ffffffffffff}???????????`???e???e???? ??[???r???e??{00000000-0000-0000-0000-000000000000}??@(????N??l???A????Dd?????}?|?}??? l????????????6????{4d36e97d-e325-11ce-bfc1-08002be10318}???7???????A????????????N?????? ??????????@%systemroot%\system32\browser.dll,-102??????????k???????k?????????????????????i????@usbport.inf,%pci\ven_8086&dev_27ca.devicedesc%;Uniwersalny kontroler hosta USB Intel(R) 82801G (ICH7 Family) - 27CA????????????? ???????i?????j?????j?-??(???$???????????????s028?????????????????

---- EOF - GMER 2.1 ----