Results 1 to 4 of 4

Thread: Rootkit Scan Log

  1. #1
    Junior Member
    Join Date
    May 2016
    Posts
    2

    Default Rootkit Scan Log

    Hello, my internet has problems and i did everything to solve it but still i'm having this problem so i wanted to take a closer look at my system with the Spybot free version. This is the result of the RootAlyzer:

    // info: Rootkit removal help file
    // copyright: (c) 2008-2016 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109090090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000051091A0090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000051091C0000000100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000051091C0090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000051091E0090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000051092E0090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109440090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109510090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109511090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109610090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109711090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109810090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109910090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109A10090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109AB0090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109B10090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109B21090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109C20090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109E60090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109F10090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109F100A0C00100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\00005109F100C0400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\126E7DB51979F9D46A02B15A11357B94:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\57DB95FFA664A5D4DA32AA8DC7F54DC4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\5A440F64B8EC691489E4B56D25E563D1:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\6A6823D4BA6FA894284A4E0F0425F9D3:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\91785D291CBB3CC40AB8659C8E48CCC2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\asus\AppData\Local:0BXWJFZl4Nun3UM2MNg8JoX:$DATA"
    File:"Unknown ADS","C:\Users\asus\AppData\Local\Microsoft\Windows\INetCookies:409EGDZQ25QTxPvLzhsf5:$DATA"
    File:"Unknown ADS","C:\Users\asus\AppData\Local\Microsoft\Windows\INetCookies:TzX7KHxxSg372P960f0JvY9WE:$DATA"
    File:"Unknown ADS","C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\OFFICE\UICaptions:Win32App_1:$DATA"
    File:"No admin in ACL","C:\ProgramData\McAfee\Proxy\data"
    File:"Unknown ADS","C:\ProgramData\Adobe\Adobe PDF:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Apple Software Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Malwarebytes Anti-Malware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\QuickTime:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Shutter:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\NICDRV_8169:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\Realtek Card Reader:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\NetService:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\PhysX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\Update Core:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\My Company Name\My Product Name:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox\plugins:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft SQL Server\110\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15\DCF:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET MVC 4\Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\Cartridges:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\McAfee\SiteAdvisor:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel Collaborative Processor Performance Control:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Processor Graphics:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Security Assist:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Lang:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ICEpower\AudioWizard:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Dropbox\DropboxOEM:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\PX Storage Engine:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\Ole DB:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Sonic Shared\PX Drivers:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\PostureAgent\plugins\install:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASUS\APRP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASUS\ATK Package:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASUS\Splendid:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASUS\USBChargerPlus:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASUS\WebStorage:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASUS\WinFlash:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASUS\USBChargerPlus\Driver:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Help:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CCleaner:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\McAfee:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\WinRAR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Control Panel Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\NvStreamSrv:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\ShadowPlay:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7DB345A6-E6F9-4E74-9BCB-4B13792280F2}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{949B579E-5C70-40D7-8B5E-B73E4AC483CD}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Optimus.{63CF9AC0-87D0-4FE7-97F6-F9E15A8A5ACD}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Update.{E14BADC3-F46D-4F1A-84C1-68257D767552}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\GfExperienceService.{C9A4DED6-11E1-4A4F-B9CD-B4DA9FB985B9}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{84262487-A39B-4372-BFEC-F4E07498C6F2}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{1C55219A-033C-46CC-BBBE-4C09F3A6DF11}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft.NET\ADOMD.NET\110:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft SQL Server\110\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office15:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office15\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Office\Office15\1033\DataServices:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Analysis Services\AS OLEDB\110\Cartridges:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Analysis Services\AS OLEDB\110\Resources\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Chipset Device Software:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CONEXANT\cAudioFilterAgent:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CONEXANT\MA4String:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CONEXANT\SAII:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CONEXANT\SSPConfig:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\DESIGNER:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\System\Ole DB:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\System\MSMAPI\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VSTO\10.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Access.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\DCF.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\InfoPath.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Lync.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Office.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Office32.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Office32.WW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\OneNote.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\OSM.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Outlook.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Proofing.en-us:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\OFFICE15\Office Setup Controller\Publisher.en-us:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

    Thank you for your help!

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,485

    Default

    Hello dcomlekci,

    In general items found by the RootAlyzer are not necessarily malicious, the log isn't waving a flag so please provide more information.

    For instance, the operating system and why you suspect an infection. Also please describe the Internet problems.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    May 2016
    Posts
    2

    Default

    Sure. My system is Windows 10 and my internet is disconnecting when i download or upload a file bigger than 20mb or when i play a multiplayer game in 5 min. I suspected because i saw that ntoskrnl.exe is using my disk and sometimes my ram between %5 to %70 so i thought that somethings can be wrong in my system.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,485

    Default

    Hi dcomlekci,

    ntoskrnl.exe has been linked to as a Windows 10 memory leak.

    I suggest starting a topic at What The Tech in this forum: Microsoft Windows™ so that a techie can try to troubleshoot the issue.

    If you do that please post the link here so I can follow.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •