Thread: Rootkit scan log

  1. #1
    Junior Member
    Join Date
    Dec 2012
    Posts
    1

    Rootkit scan log

    Hi, I just ran a rootkit scan and got the following things, and I'm thankful if someone can help me out with it.



    // info: Rootkit removal help file
    // copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"No admin in ACL","C:\Windows\winsxs\msil_system.windows.forms_b77a5c561934e089_6.1.7601.21949_none_ee7d1c9d19d30450\System.Windows.Forms.dll"
    File:"No admin in ACL","C:\Windows\winsxs\msil_system.design_b03f5f7f11d50a3a_6.1.7601.21949_none_72db44b9d967ee2c\System.Design.dll"
    File:"No admin in ACL","C:\Windows\winsxs\msil_system.design.resources_b03f5f7f11d50a3a_6.1.7601.21949_fi-fi_2cc6d69cf29a53d6\System.Design.resources.dll"
    File:"No admin in ACL","C:\Windows\winsxs\msil_system.design.resources_b03f5f7f11d50a3a_6.1.7601.17798_fi-fi_439995bad8ee5891\System.Design.resources.dll"
    File:"No admin in ACL","C:\Windows\winsxs\amd64_netfx-system.windows.forms_b03f5f7f11d50a3a_6.1.7601.21949_none_6ca6817095062b29\System.Windows.Forms.dll"
    File:"No admin in ACL","C:\Windows\winsxs\amd64_netfx-system.design_b03f5f7f11d50a3a_6.1.7601.21949_none_73ef0f422f3bd4bf\System.Design.dll"
    File:"No admin in ACL","C:\Windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_fi_b03f5f7f11d50a3a\System.Design.resources.dll"
    File:"Unknown ADS","C:\Users\All Users\Temp:07BF512B:$DATA"
    File:"Unknown ADS","C:\Users\All Users\Temp:D287FACF:$DATA"
    File:"Unknown ADS","C:\Users\All Users\Temp:D3A96964:$DATA"
    File:"No admin in ACL","C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp"
    File:"No admin in ACL","C:\Users\All Users\AVG2012\log\history.xml"
    File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp"
    File:"No admin in ACL","C:\ProgramData\AVG2012\log\history.xml"
    RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\","{057C7771-F320-4C2A-A2EA-747945FA82F2}\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\","{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\","{97A98033-9FA1-4E80-A339-59787B43CC89}\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\","{A82EB336-567D-4F41-A63E-8113AD8B6903}\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\","{C4B20040-7D5A-4558-9E19-B7DF94366F97}\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\","{057C7771-F320-4C2A-A2EA-747945FA82F2}\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\","{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\","{97A98033-9FA1-4E80-A339-59787B43CC89}\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\","{A82EB336-567D-4F41-A63E-8113AD8B6903}\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\","{C4B20040-7D5A-4558-9E19-B7DF94366F97}\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    The only things that seem suspicious are probably the temp files.
    File:"Unknown ADS","C:\Users\All Users\Temp:07BF512B:$DATA"
    File:"Unknown ADS","C:\Users\All Users\Temp:D287FACF:$DATA"
    File:"Unknown ADS","C:\Users\All Users\Temp:D3A96964:$DATA"

    If you decide to delete them, I would recommend creating a system restore point before doing so.

    Best regards
    Sandra
    Team Spybot
