
Thread: need help with log

  1. #1
    Junior Member
    Join Date
    Oct 2017
    Posts
    4

    need help with log

    // info: Rootkit removal help file
    // copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","D:\wow\World of Warcraft:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Atelier Sophie The Alchemist of the Mysterious Book:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\ChaosReborn:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Conclave:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Crush Online:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Endless Space 2:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Heroes Tactics:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Magic Duels:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Negligee:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Nights of Azure:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Regalia Of Men and Monarchs:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\SatelliteReign:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Soccer Manager 2017:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Stranger of Sword City:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Tom Clancy's The Division:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Tyranny:Win32App_1:$DATA"
    File:"Unknown ADS","D:\steam\steamapps\common\Battle Chasers Nightwar:Win32App_1:$DATA"
    File:"Unknown ADS","D:\steam\steamapps\common\Divinity Original Sin 2:Win32App_1:$DATA"
    File:"Unknown ADS","D:\Riot Games\Hextech Repair Tool\locales:Win32App_1:$DATA"
    File:"Unknown ADS","D:\ow\Hearthstone:Win32App_1:$DATA"
    File:"Unknown ADS","D:\ow\Overwatch:Win32App_1:$DATA"
    File:"Unknown ADS","D:\hos\Heroes of the Storm:Win32App_1:$DATA"
    File:"Unknown ADS","D:\d3\Diablo III:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows.old\Users\Public\Documents\MAGIX\Common:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows.old\Users\Public\Documents\MAGIX\Common\Soundpools\Basics_21:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows.old\Users\estef\AppData\Roaming\Curse Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows.old\Users\estef\AppData\Local\VirtualStore\Windows\SysWOW64:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Windows.old\Users\estef\AppData\Local\Temp\~DFBBFDB70ADB47FA8B.TMP"
    File:"No admin in ACL","C:\Windows.old\Users\estef\AppData\Local\Temp\~DFCF60FD47028BB574.TMP"
    File:"Unknown ADS","C:\Windows\System32:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\syswow64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\estef\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js:BDU:$DATA"
    File:"Unknown ADS","C:\Users\estef\AppData\Roaming\Twitch:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\estef\AppData\Local\VirtualStore\Windows\syswow64:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Users\estef\AppData\Local\Temp\~DF68F8675BDCB0D90C.TMP"
    File:"No admin in ACL","C:\Users\estef\AppData\Local\Temp\~DF6A0FDBD3C0F56E4A.TMP"
    File:"Unknown ADS","C:\Riot Games\League of Legends:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Riot Games\League of Legends\RADS\system:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Razer\Synapse\Modules\SystemInfo:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASM104xUSB3:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Blizzard App:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CDBurnerXP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Diablo III:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Heroes of the Storm:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\HEX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\MSXML 4.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Razer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Security Task Manager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Razer\Synapse:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\3D Vision:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\NetService:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\PhysX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\Update Core:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Security Assist:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Lang:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ICEpower\AudioWizard:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\MAGIX Services:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\PostureAgent\plugins\install:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bitdefender Agent:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CCleaner:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Control Panel Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\NvStreamSrv:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\ShadowPlay:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{242743F5-75D5-4221-BF56-4915DA29CB5F}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{28F79545-1D99-4D37-90D9-2F4FE35A8C9B}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Update.{99950D03-1DF5-4D89-A298-06DDC9D104D4}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\GfExperienceService.{35B2E534-5BF0-4EC6-93ED-86B446ABBFD4}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{16FD97B6-2488-46BC-A3A5-3EF0C8B44C30}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{AD48B0FD-4060-4E3D-AAAE-06ABA02D4923}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{F7685401-A801-4BDC-8865-E1727748A520}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Chipset Device Software:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Rapid Storage Technology:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bitdefender\Bitdefender Security:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

    Can anybody help me with what this result means?

  2. #2
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,465


    Hello estest,

    The RootAlyzer is an analyst tool; sometimes even legitimate software uses rootkit technologies.

    What is the operating system, and did you have any particular reason for running a rootkit scan? How is the computer running?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Oct 2017
    Posts
    4


    Operating system is Win 10, and the reason for the search is that I'm no computer expert and I just wanted to check.

  4. #4
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,465


    Hello estest,

    Let us know if your computer shows any sign of an infection and we will go from there.

    Best regards.

  5. #5
    Junior Member
    Join Date
    Oct 2017
    Posts
    4


    Bitdefender and Spybot found no signs of infection, but I still wonder what my PC is doing because I do not understand all the processes.

  6. #6
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,465


    Hello estest,

    Originally posted by estest: "Bitdefender and Spybot found no signs of infection, but I still wonder what my PC is doing because I do not understand all the processes."

    Which particular processes are you concerned about?

    Best regards.
