View Full Version : Suspicious system 0 process can't find


johncesta
July 5th, 2004, 10:14 AM
This one here is the one I am worried about:

C:\WINNT\Explorer.EXE:1512
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3110 131.153.0.185:139 Success

It's a system 0 process; I can't kill it or spy on it.

Thanks

John


05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\Explorer.EXE:1512
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3108 192.168.0.185:139 Success C:\WINNT\Explorer.EXE:1512
05/07/2004 09:42:49am CLOSE TCP 0.0.0.0:3103 164.100.0.183:135 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\Explorer.EXE:1512
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3109 164.100.0.184:139 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am CLOSE TCP 0.0.0.0:3104 131.153.0.184:135 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\Explorer.EXE:1512
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3110 131.153.0.185:139 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\lsass.exe:240
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3111 255.255.255.255:1080 Success C:\WINNT\system32\lsass.exe:240
05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\services.exe:228
05/07/2004 09:42:50am SEND UDP 0.0.0.0:3112 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\services.exe:228
05/07/2004 09:42:50am SEND UDP 0.0.0.0:3113 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\services.exe:228
05/07/2004 09:42:50am SEND UDP 0.0.0.0:3114 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
05/07/2004 09:42:50am RECEIVE UDP 0.0.0.0:3114 216.219.244.20:53 Success 98 C:\WINNT\system32\services.exe:228 United States
05/07/2004 09:42:50am CLOSE UDP 0.0.0.0:3114 216.219.244.20:53 Success C:\WINNT\system32\services.exe:228 United States
05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0
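
For triage of a log like the one posted above, this added example (not part of the original post) parses the lines and groups, per process, the distinct remote hosts contacted on each remote port. The field layout is inferred from the posted lines, and the function names and the threshold of 3 are hypothetical choices for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the log posted above; the last one is truncated as in the post.
SAMPLE = r"""
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3108 192.168.0.185:139 Success C:\WINNT\Explorer.EXE:1512
05/07/2004 09:42:49am CLOSE TCP 0.0.0.0:3103 164.100.0.183:135 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3109 164.100.0.184:139 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3110 131.153.0.185:139 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\lsass.exe:240
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3111 255.255.255.255:1080 Success C:\WINNT\system32\lsass.exe:240
05/07/2004 09:42:50am SEND UDP 0.0.0.0:3112 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
05/07/2004 09:42:50am SEND UDP 0.0.0.0:3113 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0
""".strip().splitlines()

# Field layout inferred from the posted lines (an assumption, not a documented format).
LINE = re.compile(
    r"^\S+ \S+ (?P<op>[A-Z]+) (?P<proto>TCP|UDP) \S+:\d+ "
    r"(?P<rhost>[\d.]+):(?P<rport>\d+) \S+(?: \d+)? "
    r"(?P<image>[A-Za-z]:\\.+?):(?P<pid>\d+)(?: .+)?$"
)

def fan_out(lines):
    """Map (image, pid, proto, remote port) -> set of remote hosts contacted."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["op"] not in ("CONNECT", "SEND"):
            continue  # skips OPEN/CLOSE/RECEIVE and truncated or unparseable lines
        key = (m["image"], int(m["pid"]), m["proto"], int(m["rport"]))
        seen[key].add(m["rhost"])
    return dict(seen)

def many_hosts(lines, threshold=3):
    """Return keys whose process reached >= threshold distinct hosts on one port."""
    return sorted(k for k, hosts in fan_out(lines).items() if len(hosts) >= threshold)

if __name__ == "__main__":
    for key, hosts in sorted(fan_out(SAMPLE).items()):
        print(key, sorted(hosts))
    print("review:", many_hosts(SAMPLE))
```

On these lines the only entry returned by `many_hosts` is Explorer.EXE (PID 1512) on TCP port 139, with three distinct remote addresses in the same second.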

Dazed_and_Confused
July 5th, 2004, 12:08 PM
The IP address 131.153.0.185 seems to be a legitimate business.

OrgName: Sematech (http://www.sematech.org/index.htm)
OrgID: SEMATE
Address: 2706 Montopolis Dr.
City: Austin
StateProv: TX
PostalCode: 78741
Country: US

NetRange: 131.153.0.0 - 131.153.255.255
CIDR: 131.153.0.0/16
NetName: SEMATECH
NetHandle: NET-131-153-0-0-1
Parent: NET-131-0-0-0-0
NetType: Direct Assignment
Comment:
RegDate: 1988-11-29
Updated: 2001-02-21

TechHandle: MP5121-ARIN
TechName: Porter, Mark
TechPhone: +1-512-356-3213
TechEmail: Mark.Porter@sematech.org