ROOTKIT REVEALER LOG

onsitez asked
Last Modified: 2012-05-05
WHAT DO YOU THINK?

HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp\DPNHUPnP\ActiveNATMappings\svchost (192.168.0.101:1162) 18372 UDP      3/13/2006 6:26 PM      32 bytes      Hidden from Windows API.


HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40      8/14/2005 6:44 AM      0 bytes      Hidden from Windows API.

CERTIFIED EXPERT
Top Expert 2007
Commented:
There is nothing there to be concerned about.

CERTIFIED EXPERT
Top Expert 2008
Commented:
Greetings, onsitez !

Svchost is a Windows process.
http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/

jdgg40 is part of Alcohol 120%. If you did not install this program, you can uninstall it from Add/Remove Programs.
http://www.sysinternals.com/forum/forum_posts.asp?TID=378&PN=1&get=last

Here is more info on Alcohol 120%.
http://www.sysinternals.com/blog/2006_02_01_archive.html

Best wishes!
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Everything looks legit. Alcohol 120% is a CD/DVD emulating and burning program.
CERTIFIED EXPERT
Top Expert 2007

Commented:
Sorry, looked like I was too lazy! No explanation, no links! :)

Author

Commented:
Yes, everyone tells me the second one is Alcohol 120. What about the first one? Yes, I know svchost starts programs from DLLs; I think DirectPlayNATHelper is MS Messenger or something like that? What about it referencing my IP address and the UDP port?

Author

Commented:
Sysinternals forum, they told me too the second was Alcohol 120 also.
CERTIFIED EXPERT
Top Expert 2008

Commented:
onsitez,

192.168.0.101:1162 belongs to IANA

http://www.dnsstuff.com/tools/whois.ch?ip=192.168.0.101%3A1162
LOL war1 :)
Are you joking about the private IP range or what? :))

onsitez, try scanning your system with HijackThis, upload your
log at www.hijackthis.de, and post the link to the uploaded log here
for further assistance, to make sure your system is clear.
CERTIFIED EXPERT
Top Expert 2008

Commented:
onsitez, any update?
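
As an added example (not part of the thread and not Sysinternals code), the Python below parses the two RootkitRevealer lines from the question and classifies the address embedded in the first registry path. The field-separator rule and all function names are assumptions made for this illustration.

```python
import ipaddress
import re

# Assumption: fields are separated by tabs or runs of 2+ spaces, as in the post.
FIELD_SEP = re.compile(r"\s*\t\s*|\s{2,}")
ENDPOINT = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\)")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The two entries quoted in the question.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp\DPNHUPnP\ActiveNATMappings\svchost (192.168.0.101:1162) 18372 UDP      3/13/2006 6:26 PM      32 bytes      Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40      8/14/2005 6:44 AM      0 bytes      Hidden from Windows API.
"""

def parse_line(line):
    """Split one log line into path, timestamp, size in bytes and description."""
    path, stamp, size, desc = FIELD_SEP.split(line.strip(), maxsplit=3)
    return {"path": path, "time": stamp, "bytes": int(size.split()[0]), "desc": desc}

def address_scope(ip_text):
    """Classify an IPv4 address so a LAN address is not mistaken for a remote host."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"  # e.g. 999.1.1.1 matches the regex but is not an address
    if any(addr in net for net in RFC1918):
        return "rfc1918-private"
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    return "public" if addr.is_global else "other-reserved"

def triage(log_text):
    """Parse every non-empty line and annotate any (ip:port) found in the path."""
    results = []
    for line in filter(str.strip, log_text.splitlines()):
        try:
            entry = parse_line(line)
        except ValueError:
            continue  # skip lines that do not have the four expected fields
        m = ENDPOINT.search(entry["path"])
        if m:
            entry["endpoint"] = (m.group(1), int(m.group(2)), address_scope(m.group(1)))
        results.append(entry)
    return results

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["path"], e["bytes"], e.get("endpoint"))
```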