
Are the found items really Rootkits?



Gisa Rodrigues
2013-02-26, 19:21
Hello all! I'm new to the forum and do not write well in English; I hope you can understand.
Well, I did a scan with Spybot and it detected several suspects. I'll post the images of the results below so that you guys can help me identify them.

http://imageshack.us/photo/my-images/35/56117040.jpg/

http://imageshack.us/photo/my-images/818/32900003.jpg/

http://imageshack.us/photo/my-images/18/91931660.jpg/

I await your help because I'm afraid to delete any important file.

Thank you in advance!

spybotsandra
2013-02-27, 12:51
Hello,

Maybe you can copy the RootAlyzer log?
It should be stored here:
C:\ProgramData\Spybot - Search & Destroy\Logs

Best regards
Sandra
Team Spybot

Gisa Rodrigues
2013-03-09, 19:58
Hello Sandra!
I appreciate the response. I copied the log from a recent scan:


// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Hidden file","C:\Windows\ŕó!"
File:"Invisible to Win32","C:\Boott! s"
File:"No admin in ACL","C:\Users\Todos os Usuários\Booms"
File:"No admin in ACL","C:\Users\Todos os Usuários\BSD"
File:"No admin in ACL","C:\Users\Todos os Usuários\PKP_DLdu.DAT"
File:"No admin in ACL","C:\Users\Todos os Usuários\PKP_DLdw.DAT"
File:"No admin in ACL","C:\Users\Todos os Usuários\Ultima_T15\reg_configec.stn"
File:"No admin in ACL","C:\Users\Todos os Usuários\Ultima_T15\reg_configee.stn"
File:"No admin in ACL","C:\Users\Todos os Usuários\Real\setup\config.ini"
File:"No admin in ACL","C:\Users\Todos os Usuários\Microsoft\Office\DATA"
File:"No admin in ACL","C:\Users\Todos os Usuários\Microsoft\Office\DATA\OPA12.BAK"
File:"No admin in ACL","C:\Users\Todos os Usuários\Microsoft\Office\DATA\opa12.dat"
File:"No admin in ACL","C:\Users\Todos os Usuários\EnterNHelp\hxde.xxc"
File:"No admin in ACL","C:\Users\Todos os Usuários\EnterNHelp\hxdg.xxc"
File:"No admin in ACL","C:\Users\Todos os Usuários\EnterNHelp\hxes.xxb"
File:"No admin in ACL","C:\Users\Todos os Usuários\EnterNHelp\hxeu.xxb"
File:"No admin in ACL","C:\Users\Nino & Gisa\AppData\Roaming\Audio Units"
File:"No admin in ACL","C:\Users\Nino & Gisa\AppData\Roaming\Real\Update\UpgradeHelper"
File:"No admin in ACL","C:\Users\Nino & Gisa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer"
File:"No admin in ACL","C:\Users\All Users\Booms"
File:"No admin in ACL","C:\Users\All Users\BSD"
File:"No admin in ACL","C:\Users\All Users\PKP_DLdu.DAT"
File:"No admin in ACL","C:\Users\All Users\PKP_DLdw.DAT"
File:"No admin in ACL","C:\Users\All Users\Ultima_T15\reg_configec.stn"
File:"No admin in ACL","C:\Users\All Users\Ultima_T15\reg_configee.stn"
File:"No admin in ACL","C:\Users\All Users\Real\setup\config.ini"
File:"No admin in ACL","C:\Users\All Users\Microsoft\Office\DATA"
File:"No admin in ACL","C:\Users\All Users\Microsoft\Office\DATA\OPA12.BAK"
File:"No admin in ACL","C:\Users\All Users\Microsoft\Office\DATA\opa12.dat"
File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxde.xxc"
File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxdg.xxc"
File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxes.xxb"
File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxeu.xxb"
File:"No admin in ACL","C:\ProgramData\Booms"
File:"No admin in ACL","C:\ProgramData\BSD"
File:"No admin in ACL","C:\ProgramData\PKP_DLdu.DAT"
File:"No admin in ACL","C:\ProgramData\PKP_DLdw.DAT"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configec.stn"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configee.stn"
File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
File:"No admin in ACL","C:\ProgramData\Microsoft\Office\DATA"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxde.xxc"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdg.xxc"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxes.xxb"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxeu.xxb"
File:"No admin in ACL","C:\Program Files\Common Files\INCA Shared\OnlineEngine\BWTTrustList.dat"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"


Can you help me identify if this is alright?
Thanks again

spybotsandra
2013-03-11, 13:55
Hello,

Those seem to be hidden Program Data files.
Nothing to worry about.

Best regards
Sandra
Team Spybot
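The log above is easier to judge once the noise is collapsed: on Windows Vista and later, C:\Users\All Users is a junction to C:\ProgramData, so the same files appear under several names, and almost every entry is the low-severity "No admin in ACL" category that Sandra explains. The following script is an added example written for this thread, not RootAlyzer's own code or anything posted by the participants. It parses lines in the format shown in the log, folds the ProgramData aliases together, and separates the "Hidden file" / "Invisible to Win32" entries, which deserve a closer look, from the ACL entries. Treating the Portuguese display name "Todos os Usuários" as another alias for ProgramData is an assumption based on the identical contents listed under it; the sample log is a constructed excerpt of the lines posted above.

```python
import csv
from collections import defaultdict
from dataclasses import dataclass

# Constructed excerpt of the RootAlyzer log posted in this thread.
SAMPLE_LOG = r"""
// info: Rootkit removal help file
:: RootAlyzer Results
File:"Hidden file","C:\Windows\ŕó!"
File:"Invisible to Win32","C:\Boott! s"
File:"No admin in ACL","C:\Users\Todos os Usuários\Booms"
File:"No admin in ACL","C:\Users\Todos os Usuários\Microsoft\Office\DATA\OPA12.BAK"
File:"No admin in ACL","C:\Users\Nino & Gisa\AppData\Roaming\Audio Units"
File:"No admin in ACL","C:\Users\All Users\Booms"
File:"No admin in ACL","C:\Users\All Users\Microsoft\Office\DATA\OPA12.BAK"
File:"No admin in ACL","C:\ProgramData\Booms"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
"""

# Directory names that resolve to C:\ProgramData. "All Users" is a junction on
# Vista and later; the localized "Todos os Usuários" is ASSUMED to be the same
# folder on this (Portuguese) machine because the log lists identical contents.
PROGRAMDATA_ALIASES = (
    "c:\\users\\all users\\",
    "c:\\users\\todos os usuários\\",
)

# Categories that point at real hiding, as opposed to permission quirks.
NEEDS_REVIEW = {"Hidden file", "Invisible to Win32"}


@dataclass(frozen=True)
class Finding:
    kind: str    # "File" or "RegyValue" (spelled as RootAlyzer writes it)
    reason: str  # e.g. "Hidden file", "No admin in ACL"
    target: str  # normalized file path, or hive\key\value for registry entries


def normalize_path(path):
    """Map the ProgramData aliases onto C:\\ProgramData so duplicates collapse."""
    low = path.lower()
    for alias in PROGRAMDATA_ALIASES:
        if low.startswith(alias):
            return "C:\\ProgramData\\" + path[len(alias):]
    return path


def parse_rootalyzer(text):
    """Parse 'Kind:"field","field",...' lines; comments and headers are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//") or line.startswith("::"):
            continue
        kind, _, rest = line.partition(":")
        # The fields are CSV-style quoted strings; csv handles embedded commas.
        fields = next(csv.reader([rest]))
        if kind == "File" and len(fields) >= 2:
            findings.append(Finding(kind, fields[0], normalize_path(fields[1])))
        elif kind == "RegyValue" and len(fields) >= 4:
            hive, key, value = fields[1], fields[2], fields[3]
            findings.append(Finding(kind, fields[0], f"{hive}{key}{value}"))
    return findings


def triage(findings):
    """Group unique targets by finding category, duplicates already collapsed."""
    by_reason = defaultdict(set)
    for f in findings:
        by_reason[f.reason].add(f.target)
    return {reason: sorted(targets) for reason, targets in by_reason.items()}


def needs_review(findings):
    """Entries to investigate manually before anything is deleted."""
    return [f for f in findings if f.reason in NEEDS_REVIEW]


if __name__ == "__main__":
    found = parse_rootalyzer(SAMPLE_LOG)
    for reason, targets in triage(found).items():
        print(f"{reason}: {len(targets)} unique target(s)")
        for t in targets:
            print("   ", t)
    print("Needs a closer look:", [f.target for f in needs_review(found)])
```

Run against the full log from the thread, the 57 lines shrink to about twenty unique locations, and only the two entries under C:\Windows and C:\ (the hidden and Win32-invisible items) stand out from the "No admin in ACL" set that Sandra identifies as normal hidden Program Data.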