Log z ComboFixu a nový log Kernel Module, problém bohužel není vyřešen.
ComboFix 10-09-14.01 - Administrator 14.09.2010 20:24:14.5.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1602 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1201 [VPS 100914-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-14 do 2010-09-14 )))))))))))))))))))))))))))))))
.
2010-09-12 08:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 08:11 . 2010-09-12 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-12 08:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 11:16 . 2010-09-11 11:16 -------- d-----w- c:\program files\Alcohol Soft
2010-09-09 16:30 . 1997-06-06 12:52 11264 ----a-w- c:\windows\system32\SPORDER.DLL
2010-09-08 10:19 . 2010-09-09 16:28 -------- d-----w- c:\program files\HTTP-Tunnel
2010-08-27 08:51 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-27 08:51 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-27 08:51 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-27 08:51 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-27 08:51 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-27 08:51 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-27 08:51 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-27 08:51 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-17 14:33 . 2010-08-17 14:33 -------- d-----w- c:\program files\Common Files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 11:14 . 2008-05-22 19:46 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-11 10:56 . 2010-05-17 20:59 -------- d-----w- c:\program files\trend micro
2010-09-08 14:04 . 2008-06-03 16:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-27 09:02 . 2010-08-05 16:17 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-27 09:02 . 2008-05-18 11:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-23 20:23 . 2010-03-02 18:48 -------- d-----w- c:\program files\ICQ7.0
2010-08-17 14:33 . 2009-06-14 15:32 -------- d-----w- c:\program files\Java
2010-08-17 14:32 . 2001-10-25 14:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2010-08-17 14:32 . 2001-10-25 14:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2010-08-07 21:00 . 2008-10-02 11:58 22328 ----a-w- c:\windows\system32\drivers\pnkbstrk.sys
2010-08-07 21:00 . 2008-10-02 11:58 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-07 18:21 . 2008-10-02 11:58 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-06 21:07 . 2008-05-09 06:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-06 18:12 . 2010-08-06 18:12 0 ----a-r- C:\logwmemory.bin
2010-08-05 17:31 . 2010-08-05 17:31 -------- d-----w- c:\program files\Analog Devices
2010-08-05 16:53 . 2010-08-05 16:53 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-08-05 16:48 . 2008-05-18 11:17 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-05 16:48 . 2010-08-05 16:48 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-05 16:48 . 2010-08-05 16:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-08-05 16:48 . 2010-08-05 16:48 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-05 16:34 . 2010-08-05 16:34 -------- d-----w- c:\program files\Driver-Soft
2010-08-05 16:22 . 2010-08-05 16:22 -------- d-----w- c:\program files\Intel
2010-08-05 16:22 . 2010-08-05 16:22 -------- d-----w- c:\program files\ASUS
2010-08-05 15:51 . 2010-08-05 16:22 24576 ----a-w- c:\windows\system32\AsIO.dll
2010-08-05 15:51 . 2010-08-05 16:22 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2010-08-05 15:51 . 2010-08-05 15:51 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-08-05 11:42 . 2008-05-15 14:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-05 10:28 . 2008-10-04 19:58 -------- d-----w- c:\program files\DivX
2010-08-05 10:18 . 2008-05-09 06:04 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-05 10:18 . 2008-05-09 06:04 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-08-05 09:35 . 2010-08-05 09:35 -------- d-----w- c:\program files\MSXML 6.0
2010-08-05 09:24 . 2010-08-05 09:24 -------- d-----w- c:\program files\MSXML 4.0
2010-07-24 19:45 . 2009-04-04 18:39 -------- d-----r- c:\program files\Skype
2010-07-18 09:43 . 2008-05-09 07:47 98304 ----a-w- c:\windows\DUMP440d.tmp
2010-07-17 03:00 . 2010-04-16 18:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 07:24 . 2008-05-09 07:47 98304 ----a-w- c:\windows\DUMP59d9.tmp
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-07 19:49 . 2008-05-09 07:47 98304 ----a-w- c:\windows\DUMP4323.tmp
2010-07-07 11:46 . 2008-05-09 06:19 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:33 . 2004-08-17 13:49 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:12 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:12 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 10:06 . 2008-05-09 07:47 98304 ----a-w- c:\windows\DUMP56da.tmp
2010-06-24 09:02 . 2004-08-17 13:44 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 15:47 . 2010-08-05 15:51 374048 ----a-w- c:\windows\system32\yk51x86.dll
2010-06-23 15:47 . 2006-07-26 06:56 305696 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-17 13:49 80384 ----a-w- c:\windows\system32\iccvid.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Hry\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Hry\\World of Warcraft\\Launcher.exe"=
"d:\\Hry\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe"=
"c:\\WINDOWS\\TBPanel.exe"=
"d:\\Hry\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"d:\\Hry\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"d:\\Hry\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\Hry\\Claw\\CLAW.EXE"=
"d:\\Hry\\Assassin's Creed 2\\AssassinsCreedIIGame.exe"=
"d:\\Hry\\Assassin's Creed 2\\AssassinsCreedII.exe"=
"d:\\Hry\\Assassin's Creed 2\\UPlayBrowser.exe"=
"d:\\Downloads\\offlineserver-v0.44\\server.exe"=
"d:\\Hry\\Heroes of Newerth\\hon.exe"=
"d:\\Hry\\Rockstar\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Hry\\Rockstar\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Hry\\Rockstar\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Hry\\Baldur's Gate II\\BGMain.exe"=
"d:\\Hry\\Prince of Persia - The Forgotten Sands\\Prince of Persia Zapomenuté písky\\Prince of Persia.exe"=
"d:\\Hry\\Prince of Persia - The Forgotten Sands\\Prince of Persia Zapomenuté písky\\GameSettings.exe"=
"d:\\Hry\\Prince of Persia - The Forgotten Sands\\Prince of Persia Zapomenuté písky\\gu.exe"=
"d:\\Hry\\Prince of Persia - The Forgotten Sands\\Prince of Persia Zapomenuté písky\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Hry\\StarCraft II\\StarCraft II.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\FC\\FEARMP.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Apps\\2.0\\Z7XT4GEL.4GQ\\9T8E80T2.J6N\\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\\CurseClient.exe"=
"d:\\Hry\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4.6.2008 16:27 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.6.2008 16:27 20560]
S0 xmasscsi;xmasscsi;c:\windows\system32\Drivers\xmasscsi.sys --> c:\windows\system32\Drivers\xmasscsi.sys [?]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe --> d:\hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.5.2008 21:46 697328]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
uInternet Settings,ProxyServer = proxy.vscht.cz:3128
uInternet Settings,ProxyOverride = 147.33.*, 195.113.*, cesnet.cz, ftp.linux.cz, *.vscht.cz, .sh.cvut.cz, ftp.mandrake.cz, ultra.linux.cz, ftp.zcu.cz, ftp.cztug.cz, ftp.debian.cz, odysseus.fi.muni.cz, sunsite.mff.cuni.cz, ftp.vse.cz, .e-academy.cz
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y0mfjluz.default\
FF - prefs.js: browser.search.selectedEngine - Wowhead
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.ftp - proxy.vscht.cz
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - proxy.vscht.cz
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - proxy.vscht.cz
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy.vscht.cz
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy.vscht.cz
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-14 20:27
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2025429265-1202660629-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:55,ac,8d,08,27,a1,bd,07,57,75,d6,48,54,1b,d0,a8,ca,b5,e2,f6,7f,28,57,
d4,c6,d0,cd,7b,8a,1a,b2,24,54,2c,1f,73,b7,64,a4,23,0a,38,40,2c,9e,b9,e5,d4,\
"??"=hex:7a,ab,7e,04,e8,89,af,4f,a6,a9,79,ad,98,f4,77,5e
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-09-14 20:29:17
ComboFix-quarantined-files.txt 2010-09-14 18:29
ComboFix2.txt 2010-05-19 10:40
Před spuštěním: Volných bajtů: 44 687 745 024
Po spuštění: Volných bajtů: 44 775 288 832
- - End Of File - - 0F727AC2A2E85C07E3C4B1C81773C8BF
Kernel Module:
\WINDOWS\system32\DRIVERS\1394BUS.SYS
ACPI.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\AEAudio.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\system32\drivers\AsIO.sys
\WINDOWS\system32\BOOTVID.dll
\SystemRoot\System32\Drivers\Beep.SYS
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\KDCOM.DLL
KSecDD.sys
MountMgr.sys
\SystemRoot\System32\Drivers\Msfs.SYS
Mup.sys
NDIS.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
Ntfs.sys
\SystemRoot\System32\Drivers\Null.SYS
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
\SystemRoot\system32\DRIVERS\PS2.sys
PartMgr.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\Senfilt.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
VolSnap.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\aswFsBlk.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
atapi.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
disk.sys
dmio.sys
dmload.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\dump_JRAID.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
fltmgr.sys
ftdisk.sys
\WINDOWS\system32\hal.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
isapnp.sys
jraid.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\WINDOWS\system32\ntdll.dll
\WINDOWS\system32\ntkrnlpa.exe
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\system32\DRIVERS\nv4_mini.sys
ohci1394.sys
pci.sys
pciide.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\serial.sys
sr.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\system32\DRIVERS\yk51x86.sys