Scan Results



bydlo
2014-01-06, 16:33
Hello Everybody,
Could someone be so kind as to have a look at the results of my rootkit scan and tell me if there is something suspicious?
Thanks a lot in advance.
Kind regards axel


:: RootAlyzer Results
File:"Unknown ADS","C:\Users\axel\AppData\Local\GD3khWUNMWkOo8y:XzXwteHUp4SabuihnGjeK:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\LU3pyX4K9I:EpbGvHwEgXptR1jTTj5zRuMi:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp:N8jwPmphe8zR1vKrLLRovf9KUS:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp:Yd7yDMoqiHyMzx1pe:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\VirtualStore\Windows:nlsPreferences:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\acro_rd_dir:N8jwPmphe8zR1vKrLLRovf9KUS:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\acro_rd_dir:Yd7yDMoqiHyMzx1pe:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\IDC2.tmp:N8jwPmphe8zR1vKrLLRovf9KUS:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\IDC2.tmp:Yd7yDMoqiHyMzx1pe:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{4422A9FE-7955-465f-80D2-FDEE1776D49D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{B1D216ED-FBFF-48eb-8474-804E3D81BA07}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{BADE2EB5-0AA5-467A-B073-231B828EBF9F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{B1D216ED-FBFF-48eb-8474-804E3D81BA07}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{4EA1C3C6-7D38-40D4-976C-CA2709E27637}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{4422A9FE-7955-465f-80D2-FDEE1776D49D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{371733A1-12F5-4E38-82E8-A3CFCF9D666F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{1024083A-700E-4930-8C75-DA9DFD3F4CE8}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{4422A9FE-7955-465f-80D2-FDEE1776D49D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{B1D216ED-FBFF-48eb-8474-804E3D81BA07}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{BADE2EB5-0AA5-467A-B073-231B828EBF9F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{B1D216ED-FBFF-48eb-8474-804E3D81BA07}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{4EA1C3C6-7D38-40D4-976C-CA2709E27637}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{4422A9FE-7955-465f-80D2-FDEE1776D49D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{371733A1-12F5-4E38-82E8-A3CFCF9D666F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{1024083A-700E-4930-8C75-DA9DFD3F4CE8}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{4422A9FE-7955-465f-80D2-FDEE1776D49D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{B1D216ED-FBFF-48eb-8474-804E3D81BA07}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{BADE2EB5-0AA5-467A-B073-231B828EBF9F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{B1D216ED-FBFF-48eb-8474-804E3D81BA07}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{4EA1C3C6-7D38-40D4-976C-CA2709E27637}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{4422A9FE-7955-465f-80D2-FDEE1776D49D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{371733A1-12F5-4E38-82E8-A3CFCF9D666F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{1024083A-700E-4930-8C75-DA9DFD3F4CE8}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","DolbyAC3_5.1"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","DolbyAC3Stereo"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","GoGoCodes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MP3Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG2_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG2E_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MC0B_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MC1D_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MCC3_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MCE8_Codes"

tashi
2014-01-06, 22:59
Hello bydlo,

Temp files.
Windows Wow6432Node, InprocServer32.
MAGIX audio video and graphic photo software.

In general, all items found by RootAlyzer are not necessarily malicious; as an analyst tool it shows items which it believes to be out of the ordinary. It is not a scan-and-fix tool like the System or File Scan.

How is the computer running? :)

Best regards.

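A way to re-check the two kinds of RootAlyzer findings above on the machine itself, added here as an example and not part of the thread or of Spybot's tools. It uses only built-in cmdlets: for each flagged path it lists every alternate data stream and the first bytes of each, and for each flagged CLSID it reads the key's DACL, reports whether BUILTIN\Administrators has an Allow entry, and resolves the InprocServer32 DLL so its Authenticode status can be seen. The paths and the two CLSIDs are taken from the posted report; the assumptions are Windows PowerShell 5.1 run from an elevated prompt (the `-Encoding Byte` switch and stream listing on folders are not available on older versions).

```powershell
# Added triage helper (example code, not from the original post or from RootAlyzer).
# Assumes Windows PowerShell 5.1, run elevated so every key and stream is readable.

# Paths and CLSIDs copied from the RootAlyzer report above; change them for another machine.
$adsTargets = @(
    'C:\Users\axel\AppData\Local\Temp',
    'C:\Users\axel\AppData\Local\Temp\IDC2.tmp',
    'C:\Users\axel\AppData\Local\VirtualStore\Windows'
)
$clsids = @(
    '{1024083A-700E-4930-8C75-DA9DFD3F4CE8}',
    '{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}'
)

function Get-AdsReport {
    # One row per named stream: which file or folder carries it, its size and a hex
    # preview of the first 16 bytes so text (zone markers, XML) is easy to tell from binary.
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Missing: $p"; continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |      # skip the main data stream
            ForEach-Object {
                $head = Get-Content -LiteralPath $p -Stream $_.Stream -Encoding Byte `
                                    -TotalCount 16 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path   = $p
                    Stream = $_.Stream
                    Length = $_.Length
                    Head   = ($head | ForEach-Object { $_.ToString('x2') }) -join ' '
                }
            }
    }
}

function Get-ClsidAclReport {
    # Walks the three roots the report lists: the native view, the WOW64 view and the
    # doubled Wow6432Node\Wow6432Node path. For each key: owner, whether Administrators
    # has an Allow ACE, every principal in the DACL, and the registered server DLL.
    param([string[]]$Clsid)
    $roots = @(
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID'
    )
    foreach ($root in $roots) {
        foreach ($id in $Clsid) {
            $key = "$root\$id"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $acl = Get-Acl -LiteralPath $key
            $adminAllow = $acl.Access | Where-Object {
                $_.IdentityReference.Value -eq 'BUILTIN\Administrators' -and
                $_.AccessControlType -eq 'Allow'
            }
            # InprocServer32's default value is the DLL COM will load for this class.
            $dll = $null; $sig = $null
            $inproc = "$key\InprocServer32"
            if (Test-Path -LiteralPath $inproc) {
                $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            }
            if ($dll) {
                $file = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                if (Test-Path -LiteralPath $file) {
                    $sig = (Get-AuthenticodeSignature -FilePath $file).Status
                }
            }
            [pscustomobject]@{
                Key        = $key
                Owner      = $acl.Owner
                AdminAllow = [bool]$adminAllow
                Principals = ($acl.Access | ForEach-Object { $_.IdentityReference.Value } |
                              Sort-Object -Unique) -join ', '
                ServerDll  = $dll
                Signature  = $sig
            }
        }
    }
}

Get-AdsReport -Path $adsTargets | Format-Table -AutoSize
Get-ClsidAclReport -Clsid $clsids | Format-List
```

Read the two reports together rather than the ACL flag alone: some legitimate installers also lock Administrators out of their keys, so a key whose ServerDll is signed by a known vendor and lives under Program Files is a different case from one whose DLL is unsigned, missing, or sits in a user-writable folder such as the Temp directory that also carries the unknown streams.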
bydlo
2014-01-07, 09:49
Hello Tashi,
thanks for your help.
It's hard to be sure whether something is part of the system and just looks like a rootkit, or whether it is something malicious, if you aren't a computer specialist.
The computer runs ok.
Did you see something that makes you think it slows down the engine or was your question just a friendly "everything ok?"-question?
kind regards axel

tashi
2014-01-07, 16:52
Hi bydlo,


Did you see something that makes you think it slows down the engine or was your question just a friendly "everything ok?"-question?
Yes to the latter. :)


The computer runs ok. Do you feel it is slower than usual?

Best regards.

bydlo
2014-01-08, 10:49
Hi Tashi,
yes what?
Yes 1 or yes 2?

Yes, it could be faster!
Would you be so nice and share your knowledge with us?
kind regards axel

tashi
2014-01-08, 19:33
Hello bydlo,



Yes, it could be faster!


If the computer is running OK and showing no sign of infection I will link you to a Tech site where volunteers can assist by checking your startup programs etc. :)

Register and start a topic at What The Tech in this forum: Microsoft Windows™ (http://forums.whatthetech.com/index.php?showforum=119)

Best regards.