
Log



Skylark
2017-11-29, 17:57
He doesn't, so I hope it is OK if I do. I bought a used PC with Windows 10 64-bit and ran a rootkit scan this afternoon. Here is the resulting logfile:

Oh, uploading the logfile is not possible; it says:

"Rootkits.171129-1723.log - Invalid File" Haha!

So I renamed the file to Rootkits.171129-1723.txt, let's see if I can upload it now....

Yes, it worked! So - my question (of course): any threats? I don't know what ADS and ACL mean.

// info: Rootkit removal help file
// copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109090070400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000051091C0000000100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000051091C0070400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109610070400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109810070400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109AB0070400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109B10070400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109B21070400100000000F01FEC:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE\UICaptions:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\AMD:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox\plugins:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server\110\Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15\1031:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15\DCF:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\Cartridges:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\Resources\1031:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\1031:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\1031:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\AMD\ATI.ACE\Core-Static:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\AMD\ATI.ACE\Branding\Welcome:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\7-Zip:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\IrfanView:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Office:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft.NET\ADOMD.NET\110:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft SQL Server\110\Shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Office\Office15:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Office\Office15\1031:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Office\Office15\1031\DataServices:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Analysis Services\AS OLEDB\110\Cartridges:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Microsoft Analysis Services\AS OLEDB\110\Resources\1031:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\DESIGNER:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\System\Ole DB:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\System\MSMAPI\1031:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\DCF.de-de:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\InfoPath.de-de:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Lync.de-de:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Office32.de-de:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Office32.WW:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\OneNote.de-de:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\OSM.de-de:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Outlook.de-de:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Proofing.de-de:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Publisher.de-de:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Classic Shell\Skins:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD\CIM:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

tashi
2017-11-29, 18:34
Hello Skylark,

The RootAlyzer is an analyst tool; in general, items found by the RootAlyzer are not necessarily malicious.

Sometimes even legitimate software uses rootkit technologies; the log isn't raising a flag.

How is the computer running? Do you have an antivirus program installed? :)

Best regards.

Skylark
2017-11-29, 18:38
Thank you, tashi! The computer is running well; it is the fastest PC I have ever had, and it has 8 GB of RAM. The antivirus software is Avast Free.

tashi
2017-11-29, 18:43
Hi Skylark,

Good to hear; you should be good to go then.

Cheers.

Skylark
2017-11-29, 18:48
Thank you, but what do ADS and ACL mean?

tashi
2017-11-29, 19:57
Hello Skylark,

The RootAlyzer is an analyst tool, and its terms may not be useful for most users.

For instance, "unknown MBR" just means that RootAlyzer does not know this pattern; this can have various reasons, perhaps the use of a bootloader.

Windows and several antivirus programs also store (temporary) information in ADS.

Alternate Data Streams (ADS) https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/

I do not see anything in the log that might require sending you to our malware forum to have other logs analyzed, especially as you have a computer that is running well. If the situation changes please let me know. :)

Best regards.
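For anyone who wants to go one step beyond "the log isn't raising a flag" and actually look at what RootAlyzer reported, the script below is an added example; it is not code from RootAlyzer, Safer-Networking or anyone in this thread. It parses the File:"Unknown ADS" and RegyKey:"No admin in ACL" lines of a RootAlyzer log in the format quoted above, opens each alternate data stream (size, PE header check, printable preview of the first 64 bytes) and prints the owner and access rules of each flagged registry key, so you can see for yourself whether a stream holds a few bytes of metadata or an executable, and who does hold rights on a key that lacks an Administrators entry. The log path, an NTFS volume, and an elevated Windows PowerShell 5.1 or PowerShell 7 session are assumptions.

```powershell
# Added triage script for RootAlyzer findings; not part of RootAlyzer or Safer-Networking.
# Assumptions: Windows PowerShell 5.1 or PowerShell 7 on Windows, an NTFS volume,
# and an elevated prompt so protected directories and registry keys can be read.
# The default log path is an assumption: point it at your own RootAlyzer output.
param(
    [string]$LogPath = "$env:USERPROFILE\Desktop\Rootkits.171129-1723.txt"
)

# RootAlyzer line formats as they appear in the log quoted in the thread:
#   File:"Unknown ADS","<path>:<stream>:$DATA"
#   RegyKey:"No admin in ACL","<hive>","<key>","<name>"
$adsPattern = '^File:"Unknown ADS","(?<path>.+?):(?<stream>[^:\\]+):\$DATA"\s*$'
$regPattern = '^RegyKey:"No admin in ACL","(?<hive>[^"]+)","(?<key>[^"]+)","(?<name>[^"]*)"\s*$'

$lines = Get-Content -LiteralPath $LogPath

$adsFindings = foreach ($line in $lines) {
    if ($line -match $adsPattern) {
        [pscustomobject]@{ Path = $Matches.path; Stream = $Matches.stream }
    }
}
$regFindings = foreach ($line in $lines) {
    if ($line -match $regPattern) {
        [pscustomobject]@{ Hive = $Matches.hive; Key = $Matches.key; Name = $Matches.name }
    }
}

# Step 1: how many distinct stream names, and how many objects each one sits on.
# One name repeated across dozens of vendor and installer directories points to one
# component writing metadata everywhere; a unique name under a single odd path does not.
"`n== Alternate data stream names =="
$adsFindings | Group-Object Stream | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

# Step 2: open each stream. Size, an 'MZ' header at offset 0 and a printable preview
# of the first 64 bytes separate a few bytes of metadata from an embedded executable.
function Get-AdsSummary {
    param([string]$Path, [string]$Stream)
    $r = [ordered]@{ Path = $Path; Stream = $Stream; Length = $null; LooksLikePE = $false; Preview = ''; Error = '' }
    try {
        # Get-Item -Stream enumerates named streams on files and directories alike.
        $info = Get-Item -LiteralPath $Path -Stream $Stream -ErrorAction Stop
        $r.Length = $info.Length
        if ($PSVersionTable.PSVersion.Major -ge 6) {
            $bytes = Get-Content -LiteralPath $Path -Stream $Stream -AsByteStream -ReadCount 0
        } else {
            $bytes = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -ReadCount 0
        }
        if ($null -eq $bytes) { $bytes = [byte[]]@() }
        if ($bytes.Count -ge 2 -and $bytes[0] -eq 0x4D -and $bytes[1] -eq 0x5A) { $r.LooksLikePE = $true }
        if ($bytes.Count -gt 0) {
            $head = $bytes[0..([Math]::Min(63, $bytes.Count - 1))]
            # Printable ASCII shown as text, everything else as '.'
            $r.Preview = -join ($head | ForEach-Object { if ($_ -ge 0x20 -and $_ -le 0x7E) { [char]$_ } else { '.' } })
        }
    } catch {
        $r.Error = $_.Exception.Message
    }
    [pscustomobject]$r
}

"`n== Stream contents =="
$adsFindings | ForEach-Object { Get-AdsSummary -Path $_.Path -Stream $_.Stream } |
    Format-Table Length, LooksLikePE, Stream, Path, Preview, Error -AutoSize -Wrap

# Step 3: show the real ACL on each flagged registry key. "No admin in ACL" only says
# that no ACE names the Administrators group; the owner and the remaining ACEs show
# who does hold rights on the key.
$hiveMap = @{ HKEY_LOCAL_MACHINE = 'HKLM:'; HKEY_CURRENT_USER = 'HKCU:' }
function Get-FlaggedKeyAcl {
    param([string]$Hive, [string]$Key, [string]$Name)
    if (-not $hiveMap.ContainsKey($Hive)) { return }
    # The fourth log field is a name under the key: inspect that subkey if it exists, else the key itself.
    $candidates = @("$($hiveMap[$Hive])$Key\$Name", "$($hiveMap[$Hive])$Key")
    $target = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $target) { return [pscustomobject]@{ Key = $candidates[0]; Owner = '(not found)'; Access = '' } }
    try {
        $acl = Get-Acl -LiteralPath $target
        $access = $acl.Access | ForEach-Object { "$($_.IdentityReference): $($_.RegistryRights) ($($_.AccessControlType))" }
        [pscustomobject]@{ Key = $target; Owner = $acl.Owner; Access = ($access -join '; ') }
    } catch {
        [pscustomobject]@{ Key = $target; Owner = '(access denied)'; Access = $_.Exception.Message }
    }
}

"`n== Registry keys flagged 'No admin in ACL' =="
$regFindings | ForEach-Object { Get-FlaggedKeyAcl -Hive $_.Hive -Key $_.Key -Name $_.Name } |
    Format-List Key, Owner, Access
```

Run it from an elevated prompt as `.\Triage-RootAlyzer.ps1 -LogPath <your log>`. The byte read is branched on the PowerShell version because Windows PowerShell 5.1 spells it `-Encoding Byte` while PowerShell 7 uses `-AsByteStream`; both read the named stream through the same FileSystem provider, which is why a directory stream such as the ones on the Program Files folders above can be opened the same way as a file stream. A stream that fails to open ends up in the Error column rather than aborting the run, so one protected path does not hide the rest of the results.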