need help with log



estest
2017-10-23, 17:11
// info: Rootkit removal help file
// copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","D:\wow\World of Warcraft:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Atelier Sophie The Alchemist of the Mysterious Book:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\ChaosReborn:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Conclave:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Crush Online:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Endless Space 2:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Heroes Tactics:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Magic Duels:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Negligee:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Nights of Azure:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Regalia Of Men and Monarchs:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\SatelliteReign:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Soccer Manager 2017:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Stranger of Sword City:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Tom Clancy's The Division:Win32App_1:$DATA"
File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Tyranny:Win32App_1:$DATA"
File:"Unknown ADS","D:\steam\steamapps\common\Battle Chasers Nightwar:Win32App_1:$DATA"
File:"Unknown ADS","D:\steam\steamapps\common\Divinity Original Sin 2:Win32App_1:$DATA"
File:"Unknown ADS","D:\Riot Games\Hextech Repair Tool\locales:Win32App_1:$DATA"
File:"Unknown ADS","D:\ow\Hearthstone:Win32App_1:$DATA"
File:"Unknown ADS","D:\ow\Overwatch:Win32App_1:$DATA"
File:"Unknown ADS","D:\hos\Heroes of the Storm:Win32App_1:$DATA"
File:"Unknown ADS","D:\d3\Diablo III:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Users\Public\Documents\MAGIX\Common:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Users\Public\Documents\MAGIX\Common\Soundpools\Basics_21:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Users\estef\AppData\Roaming\Curse Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows.old\Users\estef\AppData\Local\VirtualStore\Windows\SysWOW64:Win32App_1:$DATA"
File:"No admin in ACL","C:\Windows.old\Users\estef\AppData\Local\Temp\~DFBBFDB70ADB47FA8B.TMP"
File:"No admin in ACL","C:\Windows.old\Users\estef\AppData\Local\Temp\~DFCF60FD47028BB574.TMP"
File:"Unknown ADS","C:\Windows\System32:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\syswow64:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\estef\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js:BDU:$DATA"
File:"Unknown ADS","C:\Users\estef\AppData\Roaming\Twitch:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\estef\AppData\Local\VirtualStore\Windows\syswow64:Win32App_1:$DATA"
File:"No admin in ACL","C:\Users\estef\AppData\Local\Temp\~DF68F8675BDCB0D90C.TMP"
File:"No admin in ACL","C:\Users\estef\AppData\Local\Temp\~DF6A0FDBD3C0F56E4A.TMP"
File:"Unknown ADS","C:\Riot Games\League of Legends:Win32App_1:$DATA"
File:"Unknown ADS","C:\Riot Games\League of Legends\RADS\system:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Razer\Synapse\Modules\SystemInfo:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\ASM104xUSB3:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Blizzard App:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\CDBurnerXP:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Diablo III:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Heroes of the Storm:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\HEX:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\MSXML 4.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Razer:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Realtek:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Security Task Manager:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Razer\Synapse:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\3D Vision:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\NetService:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\PhysX:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\Update Core:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\iCLS Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Security Assist:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Lang:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\ICEpower\AudioWizard:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\MAGIX Services:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\PostureAgent\plugins\install:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Bitdefender Agent:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Control Panel Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\NvStreamSrv:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\ShadowPlay:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{242743F5-75D5-4221-BF56-4915DA29CB5F}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{28F79545-1D99-4D37-90D9-2F4FE35A8C9B}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Update.{99950D03-1DF5-4D89-A298-06DDC9D104D4}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\GfExperienceService.{35B2E534-5BF0-4EC6-93ED-86B446ABBFD4}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{16FD97B6-2488-46BC-A3A5-3EF0C8B44C30}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{AD48B0FD-4060-4E3D-AAAE-06ABA02D4923}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{F7685401-A801-4BDC-8865-E1727748A520}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel\iCLS Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Chipset Device Software:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Rapid Storage Technology:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Bitdefender\Bitdefender Security:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

Can anybody help me understand what this result means?

tashi
2017-10-23, 17:18
Hello estest,

The RootAlyzer is an analyst tool, sometimes even legitimate software uses rootkit technologies.

What is the operating system and did you have any particular reason for running a rootkit scan, how is the computer running?

Best regards. :)

estest
2017-10-23, 17:22
Operating system is Win 10, and the reason for the search is that I'm no computer expert and I just wanted to check.

tashi
2017-10-23, 17:54
Hello estest,

Let us know if your computer shows any sign of an infection and we will go from there. :)

Best regards.

estest
2017-10-23, 18:23
Bitdefender and Spybot found no signs of infection, but I still wonder what my PC is doing because I do not understand all the processes.

tashi
2017-10-23, 18:43
Hello estest,
Bitdefender and Spybot found no signs of infection, but I still wonder what my PC is doing because I do not understand all the processes.

Which particular processes are you concerned about?

Best regards.

estest
2017-10-23, 18:55
When the search says "No admin in ACL" and it shows a red flag, shouldn't I be concerned about this...

I just wonder if someone is getting remote access to my computer without me knowing, and if he has admin rights.
How will I ever find out if I don't even understand this software's results? :(

tashi
2017-10-23, 19:16
Hello estest,

If you take a look at logs people have posted in this forum you will see "No admin in ACL" has not equaled a threat, nor does it mean someone has remote access to your computer.

The RootAlyzer is an analyst tool, sometimes even legitimate software uses rootkit technologies.

If your anti virus program and other security software have not flagged any malware and your computer shows no sign of infection there is little reason to worry. :)

However, if in doubt, someone can take a look at the system if you start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22).

To do this, please see that forum's FAQ, which has instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis. :kboard:

http://forums.spybot.info/showthread.php?t=288

Best regards.
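A small parser for the RootAlyzer result format quoted in the first post, added here as an example; it is not part of the thread and not Spybot's own tooling. It assumes only the line shapes visible in that log (File:"category","path[:stream:$DATA]" and RegyKey:"category","hive","subkey","name"), and the sample log embedded in it is constructed from a few of those lines. It groups the "Unknown ADS" hits by stream name, which is what makes the log easy to read: nearly every hit shares one stream name (Win32App_1), while a single entry (the BDU stream on prefs.js) stands apart, and an outlier like that is what an analyst would look at first, before the "No admin in ACL" items that tashi says have not equaled a threat in logs posted here.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the RootAlyzer output in
# the first post of this thread, kept in RootAlyzer's own format.
SAMPLE_LOG = r"""
// info: Rootkit removal help file
:: RootAlyzer Results
File:"Unknown ADS","D:\wow\World of Warcraft:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\System32:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\estef\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js:BDU:$DATA"
File:"No admin in ACL","C:\Users\estef\AppData\Local\Temp\~DF68F8675BDCB0D90C.TMP"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
"""


@dataclass
class Finding:
    kind: str        # "File" or "RegyKey" (RootAlyzer's own spelling)
    category: str    # e.g. "Unknown ADS", "No admin in ACL"
    fields: tuple    # remaining quoted fields, in order


def parse_rootalyzer(text):
    """Parse RootAlyzer result lines; header and comment lines are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//") or line.startswith("::"):
            continue
        m = re.match(r"^(\w+):(.*)$", line)
        if not m:
            continue  # not a result line we recognise
        kind, rest = m.groups()
        fields = re.findall(r'"([^"]*)"', rest)
        if not fields:
            continue
        findings.append(Finding(kind, fields[0], tuple(fields[1:])))
    return findings


def split_ads(path):
    """'D:\\dir:Win32App_1:$DATA' -> ('D:\\dir', 'Win32App_1').

    Splitting from the right keeps the drive-letter colon intact.
    """
    base, stream, stream_type = path.rsplit(":", 2)
    if stream_type != "$DATA":
        raise ValueError(f"unexpected stream type in {path!r}")
    return base, stream


def registry_path(finding):
    """Join hive, subkey and the flagged item name into one registry path."""
    hive, subkey, name = finding.fields[:3]
    return hive + subkey + "\\" + name


def summarize(findings):
    """Return (count per (kind, category), {stream name: [paths carrying it]})."""
    by_category = Counter((f.kind, f.category) for f in findings)
    streams = defaultdict(list)
    for f in findings:
        if f.kind == "File" and f.category == "Unknown ADS":
            base, stream = split_ads(f.fields[0])
            streams[stream].append(base)
    return by_category, dict(streams)


def rare_streams(streams, threshold=2):
    """Stream names seen fewer than `threshold` times: the outliers to read first."""
    return {s: paths for s, paths in streams.items() if len(paths) < threshold}


if __name__ == "__main__":
    found = parse_rootalyzer(SAMPLE_LOG)
    by_cat, streams = summarize(found)
    for (kind, cat), n in sorted(by_cat.items()):
        print(f"{n:4d}  {kind}: {cat}")
    for stream, paths in sorted(streams.items(), key=lambda kv: -len(kv[1])):
        print(f"stream {stream!r}: {len(paths)} hit(s)")
    for stream, paths in rare_streams(streams).items():
        print(f"outlier stream {stream!r} on: {paths}")
    for f in found:
        if f.kind == "RegyKey":
            print("registry:", registry_path(f))
```

Pasting the complete log from the first post into SAMPLE_LOG gives the full picture: one stream name accounts for almost every "Unknown ADS" line, and the summary separates those from the few items worth a second look.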