Scan Results

**bydlo** · 2014-01-06, 16:33

Hello Everybody,
could someone be so kind to have a look to the results of my rootkit-scan and tell me if there is somethin suspiscious?
Thanx a lot in advance.
Kind regards axel

Code:

:: RootAlyzer Results
File:"Unknown ADS","C:\Users\axel\AppData\Local\GD3khWUNMWkOo8y:XzXwteHUp4SabuihnGjeK:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\LU3pyX4K9I:EpbGvHwEgXptR1jTTj5zRuMi:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp:N8jwPmphe8zR1vKrLLRovf9KUS:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp:Yd7yDMoqiHyMzx1pe:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\VirtualStore\Windows:nlsPreferences:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\acro_rd_dir:N8jwPmphe8zR1vKrLLRovf9KUS:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\acro_rd_dir:Yd7yDMoqiHyMzx1pe:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\IDC2.tmp:N8jwPmphe8zR1vKrLLRovf9KUS:$DATA"
File:"Unknown ADS","C:\Users\axel\AppData\Local\Temp\IDC2.tmp:Yd7yDMoqiHyMzx1pe:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{4422A9FE-7955-465f-80D2-FDEE1776D49D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{B1D216ED-FBFF-48eb-8474-804E3D81BA07}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{BADE2EB5-0AA5-467A-B073-231B828EBF9F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{B1D216ED-FBFF-48eb-8474-804E3D81BA07}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{4EA1C3C6-7D38-40D4-976C-CA2709E27637}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{4422A9FE-7955-465f-80D2-FDEE1776D49D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{371733A1-12F5-4E38-82E8-A3CFCF9D666F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{1024083A-700E-4930-8C75-DA9DFD3F4CE8}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{4422A9FE-7955-465f-80D2-FDEE1776D49D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{B1D216ED-FBFF-48eb-8474-804E3D81BA07}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{BADE2EB5-0AA5-467A-B073-231B828EBF9F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{B1D216ED-FBFF-48eb-8474-804E3D81BA07}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{4EA1C3C6-7D38-40D4-976C-CA2709E27637}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{4422A9FE-7955-465f-80D2-FDEE1776D49D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{371733A1-12F5-4E38-82E8-A3CFCF9D666F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{1024083A-700E-4930-8C75-DA9DFD3F4CE8}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{4422A9FE-7955-465f-80D2-FDEE1776D49D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{B1D216ED-FBFF-48eb-8474-804E3D81BA07}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{BADE2EB5-0AA5-467A-B073-231B828EBF9F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{B1D216ED-FBFF-48eb-8474-804E3D81BA07}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{B05EA49F-5EF1-41e2-AB5E-F8E4E0397B1D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{6461DDD1-48E9-41d4-8B5B-03618C68BB0B}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{4EA1C3C6-7D38-40D4-976C-CA2709E27637}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{4422A9FE-7955-465f-80D2-FDEE1776D49D}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{371733A1-12F5-4E38-82E8-A3CFCF9D666F}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{1024083A-700E-4930-8C75-DA9DFD3F4CE8}\","InprocServer32"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","DolbyAC3_5.1"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","DolbyAC3Stereo"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","GoGoCodes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MP3Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG2_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG2E_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MC0B_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MC1D_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MCC3_Codes"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Magix\","MPEG4_MCE8_Codes"

**tashi** · 2014-01-06, 22:59

Hello bydlo,

Temp files.
Windows Wow6432Node, InprocServer32.
MAGIX audio video and graphic photo software.

In general all items found by the RootAlyzer are not necessarily malicious but show items which it believes to be out of the ordinary as an analyst tool, it is not a scan and fix tool like the System or File Scan.

How is the computer running.

Best regards.

**bydlo** · 2014-01-07, 09:49

Hello Tashi,
thanks for your help.
Its hard to be sure if something is a part of the system and just looks as a rootkit or if it is something malicious if you arent a computerspecialist.
The computer runs ok.
Did you see something that makes you think it slows down the engine or was your question just a friendly "everything ok?"-question?
kind regards axel

**tashi** · 2014-01-07, 16:52

Hi bydlo,

Originally Posted by bydlo

Did you see something that makes you think it slows down the engine or was your question just a friendly "everything ok?"-question?

Yes to the latter.

Originally Posted by bydlo

The computer runs ok.

Do you feel it is slower than usual?

Best regards.

**bydlo** · 2014-01-08, 10:49

Hi Tashi,
yes what?
Yes 1 or yes 2?

Yes, it could be faster!
Would you be so nice and share your knowledge with us?
kind regards axel

**tashi** · 2014-01-08, 19:33

Hello bydlo,

Originally Posted by bydlo

Yes, it could be faster!

If the computer is running OK and showing no sign of infection I will link you to a Tech site where volunteers can assist by checking your startup programs etc.

Register and start a topic at What The Tech in this forum: Microsoft Windows™

Best regards.

Thread: Scan Results

Thread Tools

Display

Scan Results

Posting Permissions