explorer.exe closes automatically
  xelajd
Number of posts: 30

Rootkit Unhooker cannot be unpacked, because a CRC error occurs at 72%… And I have tried with WinRAR, the built-in RAR in Total Commander and other archive programs…

When I try with RCC (manually, because the batch file just closes on an error), I get an error message that reads:
Unable to load driverDen angivne fil blev ikke fundet

That is exactly how it reads… And if I try in non-safe mode, it runs fine for 15 seconds, and then it closes the window and the log is empty…

  Ejvindh
Editor
Number of posts: 6048

Yes, I get the error with RKU as well. Then try downloading it from one of these places:
http://rapidshare.de/files/31078803/RKU2022.rar.html
http://rkunhooker.narod.ru/binaries/rkunhooker_v202/RKU2022.rar

We will have to skip RAIDE then. It is a program at an early beta stage, and is apparently still too unstable for "public" use. Try scanning with Sophos' anti-rootkit instead:

Download Sophos AntiRootkit from here:
http://www.sophos.com/support/cleaners/sarsfx.exe
Double-click the file and follow the instructions to install the scanner. Then run the scanner, and note down if it finds anything.

  xelajd
Number of posts: 30

Sophos found nothing…

RkUnhooker:
RkUnhooker report generator v0.32
=========================================
Rootkit Unhooker kernel version: 2.02.50
=========================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
=========================================
System Call Instruction State - Normal
Actuall Address 0x804DEF6F
=========================================
>SSDT State

Hooked service: NtOpenProcess Actuall Address 0xF7E0E8AC Hooked by: C:\Programmer\ewido anti-spyware 4.0\guard.sys

Hooked service: NtTerminateProcess Actuall Address 0xF7E0E812 Hooked by: C:\Programmer\ewido anti-spyware 4.0\guard.sys

  Ejvindh
Editor
Number of posts: 6048

I think we can safely conclude that you do not have rootkits on your machine. So it is probably a system error. Since you have tried a repair, it could suggest that it is an external program that gets loaded together with Explorer. I have seen in several places that DivX users have the problem, and there it has sometimes helped to uninstall DivX. In addition, I found a thread:
http://www.ntcompatible.com/thread28867-1.html

...where it helped to use this program:
http://www.nirsoft.net/utils/shexview_setup.exe

There the method was to tentatively disable some of the associated programs, then check whether it has helped, and in that way locate the file.

I do not know the program, and do not know much about whether there are some of the things one should keep one's hands off. But it is almost the only solution I can come up with, apart from formatting the thing and installing from scratch.

A guide to the program (in English) can be found here:
http://www.nirsoft.net/utils/shexview.html
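
The kind of triage an SSDT report like the one posted above supports, as an added example that is not part of the original thread and is not RkUnhooker's own code: each service address is checked against the kernel image range and then attributed to whichever listed module contains it. The function names and verdict labels are assumptions; the two hooked entries and the two module ranges are the values from the posted report, and the lines marked constructed are invented for the demonstration.

```python
import re

# Line layouts as they appear in the RkUnhooker text report ("Actuall" is the tool's spelling).
SERVICE_RE = re.compile(
    r"^(Hooked service|Service): (\S+) Actuall Address (0x[0-9A-Fa-f]+)"
    r"(?: Hooked by: (.+))?$"
)
MODULE_RE = re.compile(r"^(\S+) (.+) Address: (0x[0-9A-Fa-f]+) Size: (\d+) bytes$")

# Hooked entries and module ranges taken from the report posted in the thread.
SAMPLE_REPORT = r"""
>SSDT State
Hooked service: NtOpenProcess Actuall Address 0xF7E0E8AC Hooked by: C:\Programmer\ewido anti-spyware 4.0\guard.sys
Hooked service: NtTerminateProcess Actuall Address 0xF7E0E812 Hooked by: C:\Programmer\ewido anti-spyware 4.0\guard.sys
Service: NtClose Actuall Address 0x805675D9
Service: NtCreateFile Actuall Address 0x8057164C
>Drivers
ntoskrnl.exe C:\WINDOWS\system32\ntoskrnl.exe Address: 0x804D7000 Size: 2183552 bytes
guard.sys C:\Programmer\ewido anti-spyware 4.0\guard.sys Address: 0xF7E0E000 Size: 4096 bytes
"""

# Constructed lines (not from the thread) that exercise the suspicious cases.
CONSTRUCTED_LINES = r"""
Hooked service: NtQuerySystemInformation Actuall Address 0xF9A01234 Hooked by: C:\example\hidden.sys
Service: NtReadFile Actuall Address 0xF7E0E100
Hooked service: NtWriteFile Actuall Address 0xF7E0E200 Hooked by: C:\example\other.sys
"""


def parse_report(text):
    """Return (services, modules) parsed from report text; other lines are ignored."""
    services, modules = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services.append({
                "flagged": m.group(1) == "Hooked service",
                "name": m.group(2),
                "address": int(m.group(3), 16),
                "claimed": m.group(4),  # path after "Hooked by:", or None
            })
            continue
        m = MODULE_RE.match(line)
        if m:
            base = int(m.group(3), 16)
            modules.append({"name": m.group(1), "path": m.group(2),
                            "base": base, "end": base + int(m.group(4))})
    return services, modules


def owner_of(address, modules):
    """First listed module whose [base, end) range contains the address, else None."""
    for mod in modules:
        if mod["base"] <= address < mod["end"]:
            return mod
    return None


def triage(text, kernel_image="ntoskrnl.exe"):
    """List every SSDT entry that is flagged as hooked or points outside the kernel image."""
    services, modules = parse_report(text)
    kernel = next((m for m in modules if m["name"].lower() == kernel_image.lower()), None)
    if kernel is None:
        raise ValueError("kernel image not found in the driver list")
    findings = []
    for svc in services:
        in_kernel = kernel["base"] <= svc["address"] < kernel["end"]
        if in_kernel and not svc["flagged"]:
            continue  # unmodified entry
        owner = owner_of(svc["address"], modules)
        if owner is None:
            verdict = "unattributed"        # target lies in no listed module
        elif svc["claimed"] and owner["path"].lower() != svc["claimed"].lower():
            verdict = "owner-mismatch"      # "Hooked by" disagrees with the address range
        elif not svc["flagged"]:
            verdict = "unflagged-redirect"  # outside the kernel but not reported as hooked
        else:
            verdict = "attributed"          # hook lands inside the driver that claims it
        findings.append({"service": svc["name"], "verdict": verdict,
                         "owner": owner["path"] if owner else None})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT + CONSTRUCTED_LINES):
        print(finding)
```

An "attributed" verdict only says the hook lands in a listed driver; whether that driver belongs to software the user knowingly installed is still a judgement for the person reading the report.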

  xelajd
Number of posts: 30

DivX is not installed, as far as I can see… And the other program did not help either…

SO it will probably be a format now!

But thanks for the help anyways…

Editor
Number of posts: 25535

Hi Xelajd

Then I will say you're welcome on behalf of the team.

Your system has been pretty unstable, so I think you have chosen the right solution. There is nothing as good as a completely new machine. ;-)