Rootkit Scan Results - Are these OK?



SolarOne
2014-12-09, 23:18
Just need to check to see if these are OK. Should I delete these?
I did use Internet Explorer during the scan.

:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.18005_none_b5c807ab2d93d829\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"No admin in ACL","C:\Users\Ted\AppData\Local\Temp\~DFD95B.tmp"
File:"No admin in ACL","C:\Users\Ted\AppData\Local\Temp\~DFE1C3.tmp"
File:"No admin in ACL","C:\Users\Ted\AppData\Local\Temp\~DFE313.tmp"
File:"No admin in ACL","C:\Users\Ted\AppData\Local\Protexis\EF5A9C1C32.drv"
File:"No admin in ACL","C:\Users\Ted\AppData\Local\Protexis\KGyGaAvL.drv"
File:"No admin in ACL","C:\Users\Dana\AppData\Local\Protexis\04A45E2C25.drv"
File:"No admin in ACL","C:\Users\Dana\AppData\Local\Protexis\KGyGaAvL.drv"
File:"No admin in ACL","C:\ProgramData\Symantec\SRTSP\Quarantine"
File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine"
File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe.txt"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe_1.txt"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe_2.txt"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe_3.txt"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe_4.txt"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20140731-0001\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"

tashi
2014-12-10, 01:29
Hello SolarOne,

The log appears normal so I'd just leave them be.

In general, all items found by the RootAlyzer are not necessarily malicious; it shows items it believes to be out of the ordinary, which may give a hint of an infection.

Sometimes even legitimate software uses rootkit technologies. How is the computer running?

Best regards.
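
A small triage helper for a log like the one posted in this thread, added here as an example and not part of either post or of the RootAlyzer tool: it parses each result line, separates the alternate data stream name from the file path, and groups repeated findings by category and folder so they can be reviewed as a handful of rows. The field layout is inferred from the posted lines; the function names and the sample text are constructed for illustration.

```python
import csv
import io
import ntpath
from collections import Counter

# Constructed sample: a few lines in the same format as the log posted above.
SAMPLE = r'''
:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA"
File:"Unknown ADS","C:\PerfLogs\System\Diagnostics\20140731-0001\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h:$DATA"
File:"No admin in ACL","C:\Users\Ted\AppData\Local\Temp\~DFD95B.tmp"
File:"No admin in ACL","C:\Users\Ted\AppData\Local\Temp\~DFE1C3.tmp"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"
'''

def parse_line(line):
    """Return a finding dict, or None for the header and blank lines."""
    kind, sep, rest = line.strip().partition(":")
    if not sep or not rest.startswith('"'):
        return None
    fields = next(csv.reader(io.StringIO(rest)))
    finding = {"kind": kind, "category": fields[0], "target": fields[1],
               "stream": None, "value": None}
    if kind != "File":
        # Registry finding (assumed layout): hive, key path, value name.
        finding["target"] = fields[1] + fields[2]
        finding["value"] = fields[3] if len(fields) > 3 else None
    elif fields[1].endswith(":$DATA"):
        # path:stream:$DATA -> split off the alternate data stream name.
        path, stream, _ = fields[1].rsplit(":", 2)
        finding["target"], finding["stream"] = path, stream
    return finding

def triage(text):
    """Parse all lines and count findings per (category, parent folder or key)."""
    findings = [f for f in map(parse_line, text.splitlines()) if f]
    groups = Counter()
    for f in findings:
        where = ntpath.dirname(f["target"]) if f["kind"] == "File" else f["target"]
        groups[(f["category"], where)] += 1
    return findings, groups

if __name__ == "__main__":
    _, groups = triage(SAMPLE)
    for (category, where), count in sorted(groups.items()):
        print(f"{count:3d}  {category:16s}  {where}")
```
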