Results 1 to 8 of 8

Thread: need help with log

  1. #1
    Junior Member
    Join Date
    Oct 2017
    Posts
    4

    Default need help with log

    // info: Rootkit removal help file
    // copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","D:\wow\World of Warcraft:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Atelier Sophie The Alchemist of the Mysterious Book:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\ChaosReborn:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Conclave:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Crush Online:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Endless Space 2:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Heroes Tactics:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Magic Duels:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Negligee:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Nights of Azure:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Regalia Of Men and Monarchs:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\SatelliteReign:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Soccer Manager 2017:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Stranger of Sword City:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Tom Clancy's The Division:Win32App_1:$DATA"
    File:"Unknown ADS","D:\SteamLibrary\steamapps\common\Tyranny:Win32App_1:$DATA"
    File:"Unknown ADS","D:\steam\steamapps\common\Battle Chasers Nightwar:Win32App_1:$DATA"
    File:"Unknown ADS","D:\steam\steamapps\common\Divinity Original Sin 2:Win32App_1:$DATA"
    File:"Unknown ADS","D:\Riot Games\Hextech Repair Tool\locales:Win32App_1:$DATA"
    File:"Unknown ADS","D:\ow\Hearthstone:Win32App_1:$DATA"
    File:"Unknown ADS","D:\ow\Overwatch:Win32App_1:$DATA"
    File:"Unknown ADS","D:\hos\Heroes of the Storm:Win32App_1:$DATA"
    File:"Unknown ADS","D:\d3\Diablo III:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows.old\Users\Public\Documents\MAGIX\Common:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows.old\Users\Public\Documents\MAGIX\Common\Soundpools\Basics_21:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows.old\Users\estef\AppData\Roaming\Curse Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows.old\Users\estef\AppData\Local\VirtualStore\Windows\SysWOW64:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Windows.old\Users\estef\AppData\Local\Temp\~DFBBFDB70ADB47FA8B.TMP"
    File:"No admin in ACL","C:\Windows.old\Users\estef\AppData\Local\Temp\~DFCF60FD47028BB574.TMP"
    File:"Unknown ADS","C:\Windows\System32:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\syswow64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\estef\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js:BDU:$DATA"
    File:"Unknown ADS","C:\Users\estef\AppData\Roaming\Twitch:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Users\estef\AppData\Local\VirtualStore\Windows\syswow64:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Users\estef\AppData\Local\Temp\~DF68F8675BDCB0D90C.TMP"
    File:"No admin in ACL","C:\Users\estef\AppData\Local\Temp\~DF6A0FDBD3C0F56E4A.TMP"
    File:"Unknown ADS","C:\Riot Games\League of Legends:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Riot Games\League of Legends\RADS\system:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\Razer\Synapse\Modules\SystemInfo:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ASM104xUSB3:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Blizzard App:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CDBurnerXP:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Diablo III:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Heroes of the Storm:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\HEX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\MSXML 4.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Razer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Security Task Manager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Razer\Synapse:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\3D Vision:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\NetService:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\PhysX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\Update Core:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Security Assist:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Lang:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ICEpower\AudioWizard:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\MAGIX Services:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\PostureAgent\plugins\install:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bitdefender Agent:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CCleaner:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Control Panel Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\NvStreamSrv:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\ShadowPlay:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{242743F5-75D5-4221-BF56-4915DA29CB5F}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{28F79545-1D99-4D37-90D9-2F4FE35A8C9B}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Update.{99950D03-1DF5-4D89-A298-06DDC9D104D4}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\GfExperienceService.{35B2E534-5BF0-4EC6-93ED-86B446ABBFD4}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{16FD97B6-2488-46BC-A3A5-3EF0C8B44C30}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{AD48B0FD-4060-4E3D-AAAE-06ABA02D4923}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{F7685401-A801-4BDC-8865-E1727748A520}:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Chipset Device Software:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Rapid Storage Technology:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Bitdefender\Bitdefender Security:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

    can anybody help me what this result means ?

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello estest,

    The RootAlyzer is an analyst tool, sometimes even legitimate software uses rootkit technologies.

    What is the operating system and did you have any particular reason for running a rootkit scan, how is the computer running?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Oct 2017
    Posts
    4

    Default

    operating System is win 10 and the reason for the search is that im no Computer expert and i just wanted to check

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello estest,

    Let us know if your computer shows any sign of an infection and we will go from there.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Oct 2017
    Posts
    4

    Default

    bitdefender and spybot found no signs of infection but i still wonder what my pc is doing because i do not understand all the processes

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello estest,

    Quote Originally Posted by estest View Post
    bitdefender and spybot found no signs of infection but i still wonder what my pc is doing because i do not understand all the processes
    Which particular processes are you concerned about?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    Junior Member
    Join Date
    Oct 2017
    Posts
    4

    Default

    when the search says no admin in acl and it Shows a red flag shouldnt i be concerned about this.....

    i just wonder if someone is getting remote acces to my Computer without me knowing and if he has admin rights.
    how will i ever find out if i dont even understand this Software results :(

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello estest,

    If you take a look at logs people have posted in this forum you will see "No admin in ACL" has not equaled a threat, nor does it mean someone has remote access to your computer.

    Quote Originally Posted by tashi View Post
    The RootAlyzer is an analyst tool, sometimes even legitimate software uses rootkit technologies.
    If your anti virus program and other security software have not flagged any malware and your computer shows no sign of infection there is little reason to worry.

    However if in doubt someone can take a look at the system if you start a topic in the Malware Removal Forum

    To do this please see that forum's FAQ which has instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •