
ROOTKIT REVEALER LOG

WHAT DO YOU THINK?

HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp\DPNHUPnP\ActiveNATMappings\svchost (192.168.0.101:1162) 18372 UDP      3/13/2006 6:26 PM      32 bytes      Hidden from Windows API.


HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40      8/14/2005 6:44 AM      0 bytes      Hidden from Windows API.
 
rpggamergirl Commented:
There is nothing there to be concerned about.
 
war1 Commented:
Greetings, onsitez!

Svchost is a Windows process.
http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/

jdgg40 is part of Alcohol 120%. If you did not install this program, you can uninstall it from Add/Remove Programs.
http://www.sysinternals.com/forum/forum_posts.asp?TID=378&PN=1&get=last

Here is more info on Alcohol 120%.
http://www.sysinternals.com/blog/2006_02_01_archive.html

Best wishes!
 
masnrock Commented:
Everything looks legit. Alcohol 120% is a CD/DVD emulating and burning program.
 
rpggamergirl Commented:
Sorry, looked like I was too lazy! No explanation, no links! :)
 
onsitez (Author) Commented:
Yes, everyone tells me the second one is Alcohol 120. What about the first one? Yes, I know that svchost starts programs from DLLs. I think DirectPlayNATHelp is MS Messenger or something like that? What about it referencing my IP address and the UDP port?
 
onsitez (Author) Commented:
On the Sysinternals forum, they told me too that the second was Alcohol 120.
 
war1 Commented:
onsitez,

192.168.0.101:1162 belongs to IANA

http://www.dnsstuff.com/tools/whois.ch?ip=192.168.0.101%3A1162
 
nepostojeci_email Commented:
LOL war1 :)
Are you joking about the private IP range or what? :))

onsitez, try scanning your system with HijackThis, and upload your
log at www.hijackthis.de, and post the link to the uploaded log here,
for further assistance, to make sure your system is clear.
 
war1 Commented:
onsitez, any update?
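
An added example, not part of the original thread and not a Sysinternals tool: a small Python parser for the two RootkitRevealer lines posted in the question. It pulls the ip:port out of the DirectPlay NAT mapping key name and classifies the address with the standard `ipaddress` module, which is the private-range point raised in the replies. It assumes the four columns are separated by tabs or runs of two or more spaces, as in the paste; the function names are hypothetical.

```python
import ipaddress
import re

# The two log lines from the question, copied as posted.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp\DPNHUPnP\ActiveNATMappings\svchost (192.168.0.101:1162) 18372 UDP      3/13/2006 6:26 PM      32 bytes      Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40      8/14/2005 6:44 AM      0 bytes      Hidden from Windows API.
"""

# Assumption: columns are split by a tab or by two or more whitespace chars.
FIELD_SEP = re.compile(r"\s{2,}|\t")
# An "(a.b.c.d:port)" endpoint embedded in a key or value name.
ENDPOINT = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\)")


def address_scope(ip_text):
    """Classify an address; loopback and link-local are tested before private."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"  # e.g. RFC 1918 LAN ranges such as 192.168.0.0/16
    return "public"


def parse_line(line):
    """Split one log line into path, timestamp, size and description."""
    fields = FIELD_SEP.split(line.strip())
    if len(fields) != 4:
        return None  # blank line or a layout this sketch does not handle
    path, timestamp, size, description = fields
    entry = {"path": path, "timestamp": timestamp, "size": size,
             "description": description.rstrip("."), "endpoint": None}
    match = ENDPOINT.search(path)
    if match:
        ip_text, port = match.group(1), int(match.group(2))
        entry["endpoint"] = (ip_text, port, address_scope(ip_text))
    return entry


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


if __name__ == "__main__":
    for item in parse_log(SAMPLE_LOG):
        print(item["path"].rsplit("\\", 1)[-1], "|", item["description"], "|", item["endpoint"])
```
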