Scan Results

bydlo · Jan 6, 2014

Hello Everybody,
could someone be so kind to have a look to the results of my rootkit-scan and tell me if there is somethin suspiscious?
Thanx a lot in advance.
Kind regards axel

Code:

:: RootAlyzer Results
File:"Unknown ADS","C:\Users\axel\AppData\Local\GD3khWUNMWkOo8y:XzXwteHUp4SabuihnGjeK:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\LU3pyX4K9I:EpbGvHwEgXptR1jTTj5zRuMi:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp:N8jwPmphe8zR1vKrLLRovf9KUS:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp:Yd7yDMoqiHyMzx1pe:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\VirtualStore\Windows:nlsPreferences:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\acro_rd_dir:N8jwPmphe8zR1vKrLLRovf9KUS:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\acro_rd_dir:Yd7yDMoqiHyMzx1pe:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\IDC2.tmp:N8jwPmphe8zR1vKrLLRovf9KUS:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\IDC2.tmp:Yd7yDMoqiHyMzx1pe:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{4422A9FE-7955-465f-80D2-FDEE1776D49D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{B1D216ED-FBFF-48eb-8474-804E3D81BA07}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{BADE2EB5-0AA5-467A-B073-231B828EBF9F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{B1D216ED-FBFF-48eb-8474-804E3D81BA07}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{4EA1C3C6-7D38-40D4-976C-CA2709E27637}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{4422A9FE-7955-465f-80D2-FDEE1776D49D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{371733A1-12F5-4E38-82E8-A3CFCF9D666F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{1024083A-700E-4930-8C75-DA9DFD3F4CE8}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{4422A9FE-7955-465f-80D2-FDEE1776D49D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{B1D216ED-FBFF-48eb-8474-804E3D81BA07}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{BADE2EB5-0AA5-467A-B073-231B828EBF9F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{B1D216ED-FBFF-48eb-8474-804E3D81BA07}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{4EA1C3C6-7D38-40D4-976C-CA2709E27637}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{4422A9FE-7955-465f-80D2-FDEE1776D49D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{371733A1-12F5-4E38-82E8-A3CFCF9D666F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{1024083A-700E-4930-8C75-DA9DFD3F4CE8}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{4422A9FE-7955-465f-80D2-FDEE1776D49D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{B1D216ED-FBFF-48eb-8474-804E3D81BA07}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{BADE2EB5-0AA5-467A-B073-231B828EBF9F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{B1D216ED-FBFF-48eb-8474-804E3D81BA07}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{4EA1C3C6-7D38-40D4-976C-CA2709E27637}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{4422A9FE-7955-465f-80D2-FDEE1776D49D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{371733A1-12F5-4E38-82E8-A3CFCF9D666F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{1024083A-700E-4930-8C75-DA9DFD3F4CE8}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","DolbyAC3_5.1"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","DolbyAC3Stereo"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","GoGoCodes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MP3Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG2_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG2E_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MC0B_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MC1D_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MCC3_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MCE8_Codes"

tashi · Jan 6, 2014

Hello bydlo,

Temp files.
Windows Wow6432Node, InprocServer32.
MAGIX audio video and graphic photo software.

In general all items found by the RootAlyzer are not necessarily malicious but show items which it believes to be out of the ordinary as an analyst tool, it is not a scan and fix tool like the System or File Scan.

How is the computer running.

Best regards.

bydlo · Jan 7, 2014

Hello Tashi,
thanks for your help.
Its hard to be sure if something is a part of the system and just looks as a rootkit or if it is something malicious if you arent a computerspecialist.
The computer runs ok.
Did you see something that makes you think it slows down the engine or was your question just a friendly "everything ok?"-question?
kind regards axel

tashi · Jan 7, 2014

Hi bydlo,

bydlo said:
Did you see something that makes you think it slows down the engine or was your question just a friendly "everything ok?"-question?

Yes to the latter.

bydlo said:
The computer runs ok.

Do you feel it is slower than usual?

Best regards.

bydlo · Jan 8, 2014

Hi Tashi,
yes what?
Yes 1 or yes 2?

Yes, it could be faster!
Would you be so nice and share your knowledge with us?
kind regards axel

tashi · Jan 8, 2014

Hello bydlo,

bydlo said:
Yes, it could be faster!

If the computer is running OK and showing no sign of infection I will link you to a Tech site where volunteers can assist by checking your startup programs etc.

Register and start a topic at What The Tech in this forum: Microsoft Windows™

Best regards.

Scan Results

bydlo

New member

tashi

Member of Team Spybot

bydlo

New member

tashi

Member of Team Spybot

bydlo

New member

tashi

Member of Team Spybot