Results 1 to 3 of 3

Thread: Help with Root Anlyzer Log

  1. #1
    Junior Member
    Join Date
    Sep 2016
    Posts
    1

    Default Help with Root Anlyzer Log

    Hi! Today I ran a root scan but I am not expert enough to recognize eventual threats. Could someone examine the below scan log? Is there anything I should be worried about? Thanks in advance

    // info: Rootkit removal help file
    // copyright: (c) 2008-2016 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Invisible to Win32","C:\Boott! s"
    File:"Unknown ADS","C:\Windows\SysWOW64\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\System32\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1A4DE204B5F8A783688899A7FB858B2F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2B7A37F2E05E6A93A9CBFE984E6CE263:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\39103BDF0ADFAAD3CAAC7AE5FE5E6370:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\3e43b73803c7c394f8a6b2f0402e19c2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744CAF070E41400:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\84b9c17023c712640acaf308593282f8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\9214B3B9E0227C24C9B5196CE580584B:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\AA5C8F95DB19D324FB50908AF09398F8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\BE824E2CE6110C14E9482BD29ECC4AF2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D4ADA0CF5AF82544A8FF0F0AAB9CE77F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\ED428B7D23AD2774E9E5935C5118637A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Documents:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Immagini:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Music:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Musica:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Preferiti:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Preferiti condivisi:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Pubblica:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\SkyDrive\Documents\Tecniche:ms-properties:$DATA"
    File:"Unknown ADS","C:\Users\manuel\AppData\LocalLow\Adblock Plus for IE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft\Windows Live\SOXE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\x64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Apple\Apple Application Support\kdrl:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\ABBYY\FineReaderSprint\9.00\Licenses:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AMD APP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Apple Software Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Freemake:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel Driver Update Utility:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\iTunes:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\K-Lite Codec Pack:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Malwarebytes Anti-Malware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\OpenOffice 4:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\SystemRequirementsLab:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Contacts:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\SOXE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared\en-gb:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared\it:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\en-gb:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\it:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Installer\en-gb:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Installer\it:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\VideoLAN\VLC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Video to Video\Lav:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\NICDRV_8169:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Options14:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Java\jre1.8.0_101:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Processor Graphics:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\Documentation:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\Energy Star:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Recovery Manager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Registration Service:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Support Framework:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Utility Center:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\E-Web Print:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\Easy Photo Print:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\ECPrinterSetup:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\EPSON Printer Finder:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\EPSON Software\Common\Easy Photo Print Plugin\PMB:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\epson\Creativity Suite\Common\AppInfo1\Event Manager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\LabelPrint:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\Media Suite:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PhotoDirector:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\Power2Go8:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerDirector10:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerDVD10:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\YouCam:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PhotoDirector\Kernel\UACObject:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Skype:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Java\Java Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\ATI Technologies\Multimedia:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\CoreFP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Bonjour\Bonjour.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Welcome:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AMD AVT\bin:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat Reader DC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Content Viewer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Adblock Plus for IE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\ATI Technologies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bonjour:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CCleaner:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Hewlett-Packard:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\IDT:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\WinRAR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Microsoft Silverlight\5.1.50428.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\iTunes\iTunesMiniPlayer.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\iPod\bin\iPodService.Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Hewlett-Packard\HP 3D DriveGuard:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\EpsonNet\EpsonNet Print:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\DW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\ATI Technologies\Multimedia:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\CoreFP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\ATI Technologies\ATI.ACE\Fuel:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\ATI\CIM:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\InputMethod\Jpn","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello Marat,

    In general all items found by the RootAlyzer are not necessarily malicious, sometimes legitimate software uses rootkit technologies to hide registration data and such.

    The RootAlyzer is an analyst tool, was there a particular reason for you running a scan, how is the computer running?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Apr 2017
    Posts
    1

    Default

    Thank you for clearing it up tashi!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •