Thread: unsure about rootkit scan results

  1. #1
    Junior Member
    Join Date
    Apr 2013
    Posts
    1

    unsure about rootkit scan results

    Hello to the Spybot-Team,

    that's my first thread, so I hope to give all required information in acceptable English.

    I'm using an Intel Dual Core 2.16 GHz, 3 GB RAM, Win7 Ultimate 32 Bit SP1, Avira Free Antivirus, MBAM Pro and of course Spybot - Search & Destroy 2 (2.0.12.0).
    I did a deep rootkit scan and this is the matching log file:


    // info: Rootkit removal help file
    // copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Hidden file","C:\Windows\MSIECO"
    File:"Hidden file","C:\Windows\Œõ"
    File:"Unknown ADS","C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT:$DATA"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\81608.bpc"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat"
    File:"Unknown ADS","C:\Users\Ales\Documents\Scanned Documents\Begrüßungsscan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"

    I read about "No admin in ACL" and "Unknown ADS", and now in my opinion lines 4-7 and line 9 are no malware and the RegyValue is needed by Windows.
    Lines 1 and 2: I've got no idea
    Line 3: I'm unsure... maybe truly a needed ADS for my mouse cursor
    Line 8: the picture exists, but I was wondering what ":3or4kl4x13tuuug3Byamue2s4b:$DATA" means

    I hope you clear up my confusion. Thanks in advance!

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    I would maybe delete the first two.

    The others are definitely no Rootkits.
    Just some Windows files belonging to Office and cursors and sounds.

    But the deletion is final and cannot be recovered through the Quarantine.
    If you still want to remove the found items, it is strongly recommended to create a system restore point before doing that.

    Best regards
    Sandra
    Team Spybot
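
As an added example (not part of the thread and not Spybot's own tooling), here is a small Python parser for the report lines quoted in post #1. It groups entries by finding type and splits each NTFS `file:stream:$DATA` entry into the host file and the alternate data stream name. The line format is inferred from the log above and the function names are hypothetical.

```python
import csv
from collections import defaultdict

# Sample lines copied from the scan log quoted in post #1 of the thread.
SAMPLE_LOG = r'''
:: RootAlyzer Results
File:"Hidden file","C:\Windows\MSIECO"
File:"Unknown ADS","C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"Unknown ADS","C:\Users\Ales\Documents\Scanned Documents\Begrüßungsscan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
'''

def split_ads(path):
    """Split 'file:stream:$DATA' into (file, stream); stream is None if absent."""
    body = path[:-len(":$DATA")] if path.endswith(":$DATA") else path
    idx = body.rfind(":")
    if idx <= 1:  # no colon, or only the drive-letter colon at index 1
        return path, None
    return body[:idx], body[idx + 1:]

def parse_report(text):
    """Parse report lines (format assumed from the log in the thread)."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("//", "::")):
            continue  # skip blanks, comment lines and the section header
        kind, _, rest = line.partition(":")
        fields = next(csv.reader([rest]))  # quoted, comma-separated fields
        entry = {"kind": kind, "finding": fields[0], "target": fields[1:]}
        if kind == "File":
            entry["file"], entry["stream"] = split_ads(fields[1])
        findings.append(entry)
    return findings

def by_finding(findings):
    """Group parsed entries by finding type for review."""
    groups = defaultdict(list)
    for entry in findings:
        groups[entry["finding"]].append(entry)
    return dict(groups)

if __name__ == "__main__":
    for finding, items in by_finding(parse_report(SAMPLE_LOG)).items():
        print(finding)
        for it in items:
            print("   ", it.get("file", it["target"]), "| stream:", it.get("stream"))
```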
