
Suspicious registry files with RogueKiller


#1 Bender01

  • Members
  • 8 posts

Posted 24 September 2014 - 11:38 AM

RogueKiller found some registry files colored in grey. Here's the report:

RogueKiller V9.2.12.0 [Sep 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 09/24/2014  17:54:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44CAC955-3616-4913-8D47-D20D4031A036} | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E8B76094-4E24-4004-8C6D-9F4EA3C4E0DC} | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{44CAC955-3616-4913-8D47-D20D4031A036} | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E8B76094-4E24-4004-8C6D-9F4EA3C4E0DC} | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{44CAC955-3616-4913-8D47-D20D4031A036} | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E8B76094-4E24-4004-8C6D-9F4EA3C4E0DC} | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44CAC955-3616-4913-8D47-D20D4031A036} | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{E8B76094-4E24-4004-8C6D-9F4EA3C4E0DC} | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] qj3j6dxf.default : user_pref("browser.startup.homepage", "www.google.it"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 3c0f3c7c5403a8311345d1a518e26eb7
[BSP] 4acce8607b174d9c2f68dde69f9c6f98 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB
User = LL1 ... OK
User = LL2 ... OK
Avast, Malwarebytes and AdwCleaner found nothing.

I searched those 2 IPs with Google and it seems they're IPs for my provider. Probably it's nothing but I would like to be sure.


Edited by Bender01, 24 September 2014 - 11:42 AM.
Moved from Am I Infected to Malware Removal Logs - Hamluis.

#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 24 September 2014 - 02:40 PM

Hi,

these entries are nothing to worry about, as they are legitimate: they are the DNS servers of an internet provider.
What was the reason to do a RogueKiller scan to begin with? Are there any problems or symptoms on your computer?
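
The log above lists twelve PUM.Dns lines, but they are the same two resolver addresses copied across CurrentControlSet, ControlSet001/002/003 and the two per-interface keys. RogueKiller flags any DhcpNameServer it does not recognise as a potentially unwanted modification, which is why an ISP resolver shows up in grey. The script below is an added example, not part of the original thread and not RogueKiller code: it parses the PUM.Dns lines of a report, collapses the duplicates to the distinct resolver IPs, and reports any that fall outside a set of networks the operator expects. The SAMPLE_REPORT is a constructed excerpt of the posted log, and EXPECTED_NETWORKS is a placeholder chosen to match that sample; the real list has to come from the ISP's or router's documentation, not from the script.

```python
"""Triage the PUM.Dns entries of a RogueKiller report.

Added example. Not the original poster's code and not part of RogueKiller.
"""
import ipaddress
import re
from collections import defaultdict

# One RogueKiller registry line:
#   [PUM.Dns] <key> | <value name> : <ip> [<ip> ...]  -> <status>
# The status word is localised ("Found" in English builds, "Trovato" in
# the Italian build the poster used), so it is matched as any word.
_PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+(?P<key>.+?)\s+\|\s+(?P<name>\w+)\s+:\s+"
    r"(?P<ips>[0-9A-Fa-f:.\s]+?)\s+->\s+(?P<status>\w+)\s*$"
)

# Constructed excerpt of the report from the thread (two ControlSets kept,
# one non-DNS line kept to show it is ignored).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 13 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{44CAC955-3616-4913-8D47-D20D4031A036} | DhcpNameServer : 62.101.93.101 83.103.25.250  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
"""

# Placeholder (assumption): the networks the operator expects resolvers to
# live in. Fill this from the ISP's or router's documentation in real use.
EXPECTED_NETWORKS = ["62.101.93.0/24", "83.103.25.0/24"]


def parse_pum_dns(report: str) -> dict:
    """Map each resolver IP found in PUM.Dns lines to the registry keys
    it appeared under, so 12 report lines collapse to the distinct IPs."""
    found = defaultdict(list)
    for line in report.splitlines():
        m = _PUM_DNS_RE.match(line.strip())
        if not m:
            continue
        for ip in m.group("ips").split():
            found[ip].append(m.group("key"))
    return dict(found)


def triage(resolvers, expected_networks) -> tuple:
    """Split resolver IPs into (expected, unexpected).

    An IP is expected when it lies inside one of expected_networks. Anything
    else, including a token that is not a valid address, is unexpected and
    is the entry worth looking at by hand.
    """
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    expected, unexpected = [], []
    for ip in sorted(resolvers):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            unexpected.append(ip)
            continue
        (expected if any(addr in n for n in nets) else unexpected).append(ip)
    return expected, unexpected


if __name__ == "__main__":
    seen = parse_pum_dns(SAMPLE_REPORT)
    ok, suspicious = triage(seen, EXPECTED_NETWORKS)
    for ip in ok:
        print(f"expected   {ip}  ({len(seen[ip])} registry keys)")
    for ip in suspicious:
        print(f"UNEXPECTED {ip}  ({len(seen[ip])} registry keys)")
```

Run against the full report this prints two expected addresses, each under six keys, which is the same conclusion the reply reaches. The value of the script is the other branch: a resolver that is neither the ISP's nor the router's turns up as UNEXPECTED regardless of how many ControlSet copies hide it, and that is the case where the DhcpNameServer (or a static NameServer) value deserves a closer look rather than a shrug.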

#3 aharonov

Posted 29 September 2014 - 09:23 AM

I haven't heard from you for some time.
Do you still need help?

#4 aharonov

Posted 04 October 2014 - 09:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.