GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-17 20:17:10 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 Running: 0z0sjeeq.exe; Driver: C:\Users\Natalia\AppData\Local\Temp\kfliikob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8B35528A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8B36F342] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8B36F678] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8B36F9EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8B355D04] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8B36F02A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8B356276] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8B356164] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8B36F4E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8B355046] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8B35638E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8B3708D0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8B3558BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8B355A2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif 
Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x8B3564A6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8B36F5B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8B35674E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x8B355D46] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8B357750] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8B356840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8B3708F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x8B36D840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8B356308] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8B3561F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8B3554C4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8B356B90] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8B356420] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8B3553B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwPlugPlayControl [0x8B3708E0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8B35655C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x8B36DA38] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8B3570D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8B3569E0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8B36F7DC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8B36F72A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8B36F848] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8B3575F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8B36F1B2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8B355BA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8B3565FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8B357222] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8B357316] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8B357450] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8B356670] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8B355664] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8B3555BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8B356F8A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif 
Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8B355750] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwRollbackTransaction + 13ED 838788A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 838982F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 1397 8389F564 4 Bytes [8A, 52, 35, 8B] .text ntoskrnl.exe!KeRemoveQueueEx + 13BF 8389F58C 8 Bytes [42, F3, 36, 8B, 78, F6, 36, ...] .text ntoskrnl.exe!KeRemoveQueueEx + 1403 8389F5D0 4 Bytes [EE, F9, 36, 8B] .text ntoskrnl.exe!KeRemoveQueueEx + 142F 8389F5FC 4 Bytes [04, 5D, 35, 8B] .text ntoskrnl.exe!KeRemoveQueueEx + 1453 8389F620 4 Bytes [2A, F0, 36, 8B] .text ... .text autochk.exe 001F11D8 4 Bytes [A9, 5F, 5A, 6A] .text autochk.exe 001F11DF 3 Bytes [80, 9D, 01] .text autochk.exe 001F1204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL} .text autochk.exe 001F120C 1 Byte [00] .text autochk.exe 001F1210 1 Byte [00] .text ... ---- User code sections - GMER 1.0.15 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] ntdll.dll!NtProtectVirtualMemory 776E5000 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: rpchttp.dllunknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] USER32.dll!NotifyWinEvent + 48B 763BF724 4 Bytes [E0, 13, 54, 67] ? 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] ntdll.dll!NtProtectVirtualMemory 776E5000 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: rpchttp.dllunknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] USER32.dll!NotifyWinEvent + 48B 763BF724 4 Bytes [E0, 13, 54, 67] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743F24FA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743D565B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743D5719] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [743F2575] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743E85D9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll 
(Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E4D8D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743E5134] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743E5209] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743E6736] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743E8330] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743E887F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743E90E0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743EE283] 
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1672] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743E4CBF] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF073C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] 
@ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2012\avp.exe[1724] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1724] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF073C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C 
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\SHLWAPI.dll 
[KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ 
C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2344] @ C:\windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr 
\Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) Device \Driver\ACPI_HAL \Device\0000013d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind ????????Po??czenie lokalne* 218?BA????:??????f??????????????? ?????????????????????1??????*?0??? ???????????11?nel???????????????????4????????????????????????????????????????.Po??czenie lokalne* 220??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????2Karta Microsoft 6to4 #169????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export

---- EOF - GMER 1.0.15 ----