Suspicious system 0 process can't find

Discussion in 'Port Explorer' started by johncesta, Jul 5, 2004.

Thread Status:
Not open for further replies.
  1. johncesta

    johncesta Registered Member

    Joined: May 20, 2004
    Posts: 13
    This one here is the one I am worried about:

    C:\WINNT\Explorer.EXE:1512
    05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3110 131.153.0.185:139 Success

    It's a system 0 process; I can't kill it or spy on it.

    Thanks

    John


    05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\Explorer.EXE:1512
    05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3108 192.168.0.185:139 Success C:\WINNT\Explorer.EXE:1512
    05/07/2004 09:42:49am CLOSE TCP 0.0.0.0:3103 164.100.0.183:135 Success C:\WINNT\Explorer.EXE:1512 United States
    05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\Explorer.EXE:1512
    05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3109 164.100.0.184:139 Success C:\WINNT\Explorer.EXE:1512 United States
    05/07/2004 09:42:49am CLOSE TCP 0.0.0.0:3104 131.153.0.184:135 Success C:\WINNT\Explorer.EXE:1512 United States
    05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\Explorer.EXE:1512
    05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3110 131.153.0.185:139 Success C:\WINNT\Explorer.EXE:1512 United States
    05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\lsass.exe:240
    05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3111 255.255.255.255:1080 Success C:\WINNT\system32\lsass.exe:240
    05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\services.exe:228
    05/07/2004 09:42:50am SEND UDP 0.0.0.0:3112 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
    05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\services.exe:228
    05/07/2004 09:42:50am SEND UDP 0.0.0.0:3113 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
    05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\system32\services.exe:228
    05/07/2004 09:42:50am SEND UDP 0.0.0.0:3114 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
    05/07/2004 09:42:50am RECEIVE UDP 0.0.0.0:3114 216.219.244.20:53 Success 98 C:\WINNT\system32\services.exe:228 United States
    05/07/2004 09:42:50am CLOSE UDP 0.0.0.0:3114 216.219.244.20:53 Success C:\WINNT\system32\services.exe:228 United States
    05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined: Mar 4, 2004
    Posts: 1,831
    Location: USA
    The IP address 131.153.0.185 seems to be a legitimate business.

    OrgName: Sematech
    OrgID: SEMATE
    Address: 2706 Montopolis Dr.
    City: Austin
    StateProv: TX
    PostalCode: 78741
    Country: US

    NetRange: 131.153.0.0 - 131.153.255.255
    CIDR: 131.153.0.0/16
    NetName: SEMATECH
    NetHandle: NET-131-153-0-0-1
    Parent: NET-131-0-0-0-0
    NetType: Direct Assignment
    Comment:
    RegDate: 1988-11-29
    Updated: 2001-02-21

    TechHandle: MP5121-ARIN
    TechName: Porter, Mark
    TechPhone: +1-512-356-3213
    TechEmail: Mark.Porter@sematech.org
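
One way to triage a log like the one posted above, as an added example that is not part of the thread and not Port Explorer's own code: it parses lines in the format shown and lists, per process, the distinct remote hosts contacted on each port, so a single worrying connection can be read in the context of everything that process did. The field layout is inferred from the posted lines; the function names, the port list (Windows RPC/NetBIOS/SMB) and the three-host threshold are assumptions.

```python
import re
from collections import defaultdict

# Layout inferred from the posted lines: date, time, event, protocol, local and
# remote endpoint, status, optional byte count, image path:PID, optional country.
LINE = re.compile(
    r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d[ap]m (?P<event>[A-Z]+) (?P<proto>TCP|UDP) "
    r"\S+ (?P<rhost>\d+\.\d+\.\d+\.\d+):(?P<rport>\d+) \S+ (?:\d+ )?"
    r"(?P<image>[A-Za-z]:\\.+?):(?P<pid>\d+)(?: .+)?$"
)

# Excerpt of the log posted in this thread; the last line is cut off as posted.
SAMPLE = r"""
05/07/2004 09:42:49am OPEN TCP 0.0.0.0:0 0.0.0.0:0 Success 0 C:\WINNT\Explorer.EXE:1512
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3108 192.168.0.185:139 Success C:\WINNT\Explorer.EXE:1512
05/07/2004 09:42:49am CLOSE TCP 0.0.0.0:3103 164.100.0.183:135 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3109 164.100.0.184:139 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3110 131.153.0.185:139 Success C:\WINNT\Explorer.EXE:1512 United States
05/07/2004 09:42:49am CONNECT TCP 0.0.0.0:3111 255.255.255.255:1080 Success C:\WINNT\system32\lsass.exe:240
05/07/2004 09:42:50am SEND UDP 0.0.0.0:3112 216.219.244.20:53 Success 44 C:\WINNT\system32\services.exe:228 United States
05/07/2004 09:42:50am OPEN UDP 0.0.0.0:0
"""

def parse(log_text):
    """Yield one dict per well-formed line; truncated or header lines are skipped."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.groupdict()

def fan_out(log_text, event="CONNECT"):
    """Map (image, pid, protocol, remote port) -> set of distinct remote hosts."""
    table = defaultdict(set)
    for r in parse(log_text):
        if r["event"] == event:
            key = (r["image"], int(r["pid"]), r["proto"], int(r["rport"]))
            table[key].add(r["rhost"])
    return dict(table)

def flag(log_text, ports=(135, 139, 445), min_hosts=3):
    """Processes that connected to at least min_hosts distinct hosts on one watched port."""
    return sorted((key, sorted(hosts)) for key, hosts in fan_out(log_text).items()
                  if key[3] in ports and len(hosts) >= min_hosts)

if __name__ == "__main__":
    for key, hosts in flag(SAMPLE):
        print(key, "->", ", ".join(hosts))
```

A flagged entry only marks a process for a closer look; it says nothing on its own about why the connections were made.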
     