Suspicious system 0 process can't find

Discussion in 'Port Explorer' started by johncesta, Jul 5, 2004.

Thread Status:
Not open for further replies.
  1. johncesta

    johncesta Registered Member
    Joined: May 20, 2004
    Posts: 13
    This one here is the one I am worried about:

    C:\WINNT\Explorer.EXE:1512
    05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3110 131.153.0.185:139 Success

    It's a system 0 process; I can't kill it or spy on it.

    Thanks

    John


    05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\Explorer.EXE:1512
    05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3108 192.168.0.185:139 Success C:\WINNT\Explorer.EXE:1512
    05/07/2004 09:42:49am CLOSE TCP 0.0.0.0:3103 164.100.0.183:135 Success C:\WINNT\Explorer.EXE:1512 United States
    05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\Explorer.EXE:1512
    05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3109 164.100.0.184:139 Success C:\WINNT\Explorer.EXE:1512 United States
    05/07/2004 09:42:49am CLOSE TCP 0.0.0.0:3104 131.153.0.184:135 Success C:\WINNT\Explorer.EXE:1512 United States
    05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\Explorer.EXE:1512
    05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3110 131.153.0.185:139 Success C:\WINNT\Explorer.EXE:1512 United States
    05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\lsass.exe:240
    05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3111 255.255.255.255:1080 Success C:\WINNT\system32\lsass.exe:240
    05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\services.exe:228
    05/07/2004 09:42:50am SEND UDP 0.0.0.0:3112 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
    05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\services.exe:228
    05/07/2004 09:42:50am SEND UDP 0.0.0.0:3113 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
    05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\services.exe:228
    05/07/2004 09:42:50am SEND UDP 0.0.0.0:3114 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
    05/07/2004 09:42:50am RECEIVE UDP 0.0.0.0:3114 216.219.244.20:53 Success 98 C:\WINNT\system32\services.exe:228 United States
    05/07/2004 09:42:50am CLOSE UDP 0.0.0.0:3114 216.219.244.20:53 Success C:\WINNT\system32\services.exe:228 United States
    05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0
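
An added example, not part of the original thread or of Port Explorer: a short Python triage script that parses log lines in the format posted above and reports any process that connects to several distinct remote hosts on the same port, as Explorer.EXE does on port 139 in this log. The field layout is inferred from the posted lines; the function names and the three-host threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the Port Explorer log in the post above (the last one is
# truncated there as well and must be skipped, not crash the parser).
SAMPLE = r"""
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3108 192.168.0.185:139 Success C:\WINNT\Explorer.EXE:1512
05/07/2004 09:42:49am CLOSE TCP 0.0.0.0:3103 164.100.0.183:135 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3109 164.100.0.184:139 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3110 131.153.0.185:139 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3111 255.255.255.255:1080 Success C:\WINNT\system32\lsass.exe:240
05/07/2004 09:42:50am SEND UDP 0.0.0.0:3112 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0
"""

# Field layout inferred from the lines above; byte count and country are optional.
LINE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<action>[A-Z]+) (?P<proto>TCP|UDP) "
    r"(?P<local>\S+) (?P<rip>[\d.]+):(?P<rport>\d+) (?P<status>\S+) "
    r"(?:(?P<bytes>\d+) )?(?P<image>[A-Za-z]:\\.+?):(?P<pid>\d+)(?: (?P<country>.+))?$"
)

def parse(text):
    """Yield one dict per well-formed log line; silently skip anything else."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def connect_fanout(text, min_hosts=3):
    """Map (image, pid, remote port) -> remote hosts, for processes that
    CONNECT to at least min_hosts distinct addresses on the same port."""
    seen = defaultdict(set)
    for ev in parse(text):
        if ev["action"] == "CONNECT":
            seen[(ev["image"], int(ev["pid"]), int(ev["rport"]))].add(ev["rip"])
    return {k: sorted(v, key=ipaddress.ip_address)
            for k, v in seen.items() if len(v) >= min_hosts}

if __name__ == "__main__":
    for (image, pid, port), hosts in connect_fanout(SAMPLE).items():
        print(f"{image} (pid {pid}) -> {len(hosts)} hosts on port {port}: {hosts}")
```

Run against a full saved log, the same grouping shows at a glance which process and PID account for each cluster of outbound connections.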
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member
    Joined: Mar 4, 2004
    Posts: 1,831
    Location: USA
    The IP address 131.153.0.185 seems to belong to a legitimate business.

    OrgName: Sematech
    OrgID: SEMATE
    Address: 2706 Montopolis Dr.
    City: Austin
    StateProv: TX
    PostalCode: 78741
    Country: US

    NetRange: 131.153.0.0 - 131.153.255.255
    CIDR: 131.153.0.0/16
    NetName: SEMATECH
    NetHandle: NET-131-153-0-0-1
    Parent: NET-131-0-0-0-0
    NetType: Direct Assignment
    Comment:
    RegDate: 1988-11-29
    Updated: 2001-02-21

    TechHandle: MP5121-ARIN
    TechName: Porter, Mark
    TechPhone: +1-512-356-3213
    TechEmail: Mark.Porter@sematech.org
     