Thread: Unknown if infected

  1. #1
    Junior Member
    Join Date
    Jan 2011
    Posts
    3

    Unknown if infected

    I downloaded Spybot 2 yesterday and installed it. I then ran Rootkit Analyzer to see if there might be any problems. I got a list of files with "Unknown ADS" and a list of "No Admin in ACL" in the registry. As I am unsure what those mean and was unable to find any info regarding them in the Help file, I am posting here for clarification. I am running Win 7. Hopefully I have followed the posting rules correctly. Here goes.

    And here is my Rootkit Analyzer report:
    // info: Rootkit removal help file
    // copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Hidden file","C:\Windows\,"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\1cc77fc5ae2d1e0.dat:4c38d25a-5577-4315-bae0-db26f9f0aa7b:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\68f8c465f8c432dc.dat:bb20f817-ad5e-492a-8d5d-9e218c413c08:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\6bc2994bc297ef5.dat:8ae5e360-4a2e-4567-a9e2-0026807e0e5d:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\84ee91c7ee91b242.dat:bed05f5f-e20b-4817-8e80-cb0677ec437e:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\a84024a84023929.dat:73853b75-e55e-4c79-91a1-974610eec255:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\aa9a039a9a036265.dat:cb9b8d6b-c0ed-4803-b55f-dd1fe87ff765:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\d4c013fac013e192.dat:1a23c403-2928-4471-b8a4-ba04d239ed48:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\e67049a1704978f7.dat:b6931927-1c1c-4166-95d1-b926a79da361:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\e84604cb46049c86.dat:1bec6d24-3303-4531-ba34-6a5d8d5bb930:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\1cc77fc5ae2d1e0.dat:4c38d25a-5577-4315-bae0-db26f9f0aa7b:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\68f8c465f8c432dc.dat:bb20f817-ad5e-492a-8d5d-9e218c413c08:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\6bc2994bc297ef5.dat:8ae5e360-4a2e-4567-a9e2-0026807e0e5d:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\84ee91c7ee91b242.dat:bed05f5f-e20b-4817-8e80-cb0677ec437e:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\a84024a84023929.dat:73853b75-e55e-4c79-91a1-974610eec255:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\aa9a039a9a036265.dat:cb9b8d6b-c0ed-4803-b55f-dd1fe87ff765:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\d4c013fac013e192.dat:1a23c403-2928-4471-b8a4-ba04d239ed48:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\e67049a1704978f7.dat:b6931927-1c1c-4166-95d1-b926a79da361:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\e84604cb46049c86.dat:1bec6d24-3303-4531-ba34-6a5d8d5bb930:$DATA"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{4422A9FE-7955-465F-80D2-FDEE1776D49D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{6461DDD1-48E9-41D4-8B5B-03618C68BB0B}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{B05EA49F-5EF1-41E2-AB5E-F8E4E0397B1D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{B1D216ED-FBFF-48EB-8474-804E3D81BA07}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{CC1B58C4-F064-48E0-9EBE-5C926A09697F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{CC1B58C4-F064-48E0-9EBE-5C926A09697F}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{B1D216ED-FBFF-48EB-8474-804E3D81BA07}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{4422A9FE-7955-465F-80D2-FDEE1776D49D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{6461DDD1-48E9-41D4-8B5B-03618C68BB0B}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{B05EA49F-5EF1-41E2-AB5E-F8E4E0397B1D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{B1D216ED-FBFF-48EB-8474-804E3D81BA07}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{CC1B58C4-F064-48E0-9EBE-5C926A09697F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{CC1B58C4-F064-48E0-9EBE-5C926A09697F}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{B1D216ED-FBFF-48EB-8474-804E3D81BA07}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{4422A9FE-7955-465F-80D2-FDEE1776D49D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{6461DDD1-48E9-41D4-8B5B-03618C68BB0B}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{B05EA49F-5EF1-41E2-AB5E-F8E4E0397B1D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{B1D216ED-FBFF-48EB-8474-804E3D81BA07}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{CC1B58C4-F064-48E0-9EBE-5C926A09697F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{CC1B58C4-F064-48E0-9EBE-5C926A09697F}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{B1D216ED-FBFF-48EB-8474-804E3D81BA07}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","AVCHDCodes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","DolbyAC3Stereo"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","DolbyAC3_5.1"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","GoGoCodes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MP3Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG2E_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG2_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG4_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG4_MC0B_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG4_MC1D_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG4_MCC3_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG4_MCE8_Codes"
    Last edited by tashi; 2013-03-19 at 18:58. Reason: Moved from Malware forum- removed Malware forum logs
