December 10th, 2008, 03:20 AM
#3
Here's what I've got for you...
Nothing terribly suspicious to my amateur eye. Scheduler and PolicyAgent are functions within Vista that I've looked into. Can those processes be safely killed and prevented from launching at startup?
I don't know where the 'cannot obtain ownership information' is coming from. My OS is fully licensed and legal.
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>netstat -anb
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
Eventlog
[svchost.exe]
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
PolicyAgent
[svchost.exe]
TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING
[services.exe]
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP xx.xx.xx.xx:139 0.0.0.0:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP xx.xx.xx.xx:1085 74.125.95.83:443 CLOSE_WAIT
[firefox.exe]
TCP xx.xx.xx.xx:1247 74.125.95.83:443 CLOSE_WAIT
[firefox.exe]
TCP xx.xx.xx.xx:1280 74.125.95.17:443 CLOSE_WAIT
[firefox.exe]
TCP xx.xx.xx.xx:1344 74.125.95.17:443 CLOSE_WAIT
[firefox.exe]
TCP xx.xx.xx.xx:1352 74.125.95.83:443 CLOSE_WAIT
[firefox.exe]
TCP xx.xx.xx.80:1611 67.135.105.137:80 TIME_WAIT
TCP xx.xx.xx.80:1612 67.135.105.137:80 TIME_WAIT
TCP 127.0.0.1:1074 127.0.0.1:1075 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1075 127.0.0.1:1074 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1076 127.0.0.1:1077 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:1077 127.0.0.1:1076 ESTABLISHED
[firefox.exe]
TCP [::]:135 [::]:0 LISTENING
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
TCP [::]:1025 [::]:0 LISTENING
[wininit.exe]
TCP [::]:1026 [::]:0 LISTENING
Eventlog
[svchost.exe]
TCP [::]:1027 [::]:0 LISTENING
[lsass.exe]
TCP [::]:1028 [::]:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:1029 [::]:0 LISTENING
PolicyAgent
[svchost.exe]
TCP [::]:1030 [::]:0 LISTENING
[services.exe]
TCP [::]:5357 [::]:0 LISTENING
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
UDP 0.0.0.0:123 *:*
W32Time
[svchost.exe]
UDP 0.0.0.0:500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:3702 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:4500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:*
Dnscache
[svchost.exe]
UDP 0.0.0.0:64033 *:*
FDResPub
[svchost.exe]
UDP *:*
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
UDP xx.xx.xx.xx:138 *:*
Can not obtain ownership information
x: Windows Sockets initialization failed: 5
UDP 127.0.0.1:61862 *:*
[sidebar.exe]
UDP [::]:123 *:*
W32Time
[svchost.exe]
UDP [::]:500 *:*
IKEEXT
[svchost.exe]
UDP [::]:3702 *:*
FDResPub
[svchost.exe]
UDP [::]:3702 *:*
FDResPub
[svchost.exe]
UDP [::]:64034 *:*
FDResPub
[svchost.exe]
C:\Users\Administrator>tasklist /svc
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 380 N/A
csrss.exe 452 N/A
wininit.exe 500 N/A
csrss.exe 512 N/A
services.exe 544 N/A
lsass.exe 556 SamSs
lsm.exe 564 N/A
winlogon.exe 652 N/A
svchost.exe 760 DcomLaunch, PlugPlay
nvvsvc.exe 808 nvsvc
svchost.exe 836 RpcSs
svchost.exe 876 WinDefend
svchost.exe 968 Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
svchost.exe 1012 AudioEndpointBuilder, EMDMgmt, hidserv,
Netman, PcaSvc, SysMain,
TabletInputService, TrkWks, UxSms,
WdiSystemHost, WPDBusEnum, wudfsvc
svchost.exe 1044 AeLookupSvc, BITS, Browser, gpsvc, IKEEXT,
iphlpsvc, LanmanServer, MMCSS, ProfSvc,
RasMan, Schedule, seclogon, SENS,
ShellHWDetection, Themes, Winmgmt, wuauserv
audiodg.exe 1144 N/A
SLsvc.exe 1176 slsvc
svchost.exe 1224 EventSystem, fdPHost, FDResPub,
LanmanWorkstation, netprofm, nsi, SstpSvc,
W32Time, WebClient
rundll32.exe 1244 N/A
svchost.exe 1396 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv,
TermService
vsmon.exe 1460 vsmon
ScanningProcess.exe 1776 N/A
spoolsv.exe 1908 Spooler
ScanningProcess.exe 1948 N/A
svchost.exe 2032 BFE, DPS, MpsSvc
dwm.exe 1168 N/A
taskeng.exe 1356 N/A
explorer.exe 1592 N/A
taskeng.exe 1900 N/A
GoogleUpdate.exe 1268 N/A
MSASCui.exe 2092 N/A
itype.exe 2128 N/A
ipoint.exe 2164 N/A
rundll32.exe 2244 N/A
zlclient.exe 2320 N/A
dpupdchk.exe 2392 N/A
sidebar.exe 2428 N/A
RivaTuner.exe 2468 N/A
GoogleUpdaterService.exe 2584 gusvc
svchost.exe 2740 Net Driver HPZ12
svchost.exe 2804 Pml Driver HPZ12
svchost.exe 2828 PolicyAgent
svchost.exe 2856 stisvc
svchost.exe 2912 WerSvc
SearchIndexer.exe 2948 WSearch
WUDFHost.exe 3292 N/A
mobsync.exe 3480 N/A
wmpnscfg.exe 3704 N/A
unsecapp.exe 3916 N/A
WmiPrvSE.exe 4000 N/A
mantispm.exe 1372 N/A
firefox.exe 1300 N/A
cmd.exe 1264 N/A
tasklist.exe 2784 N/A
WmiPrvSE.exe 2696 N/A
C:\Users\Administrator>
Last edited by Ouroboros; December 10th, 2008 at 03:27 AM.
"entia non sunt multiplicanda praeter necessitatem"
"entities should not be multiplied beyond necessity."
-Occam's Razor
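A way to triage a `netstat -anb` listing like the one in the post above, added here as an example and not part of the original post: it attaches each socket to the service and image reported under it, marks the rows where netstat printed "Can not obtain ownership information", and lists what is bound to all interfaces. The sample input is constructed (documentation-range addresses), and the function and field names are this example's own.

```python
import re

# Constructed sample in the same flattened layout as the netstat -anb output above.
SAMPLE = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
PolicyAgent
[svchost.exe]
TCP 192.0.2.10:1085 198.51.100.7:443 CLOSE_WAIT
[firefox.exe]
TCP 192.0.2.10:1611 198.51.100.9:80 TIME_WAIT
UDP 0.0.0.0:500 *:*
IKEEXT
[svchost.exe]
UDP 127.0.0.1:61862 *:*
[sidebar.exe]
"""

ROW = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?$")

def parse_netstat_anb(text):
    """Return one dict per socket with the service/image listed under it, if any."""
    rows = []
    for line in (l.strip() for l in text.splitlines()):
        m = ROW.match(line)
        if m:
            proto, addr, port, foreign, state = m.groups()
            rows.append({"proto": proto, "addr": addr, "port": int(port),
                         "foreign": foreign, "state": state or "",
                         "service": None, "image": None, "owner_unavailable": False})
        elif not rows:
            continue                      # banner/header lines before the first socket
        elif line.startswith("Can not obtain ownership"):
            rows[-1]["owner_unavailable"] = True
        elif line.startswith("[") and line.endswith("]"):
            rows[-1]["image"] = line[1:-1]
        elif line and ":" not in line and " " not in line:
            rows[-1]["service"] = line    # bare token = service name hosted in the image
    return rows

def exposed_listeners(rows):
    """Sockets bound to all interfaces: TCP LISTENING or any UDP bind."""
    wild = {"0.0.0.0", "[::]"}
    return [r for r in rows if r["addr"] in wild
            and (r["state"] == "LISTENING" or r["proto"] == "UDP")]
```
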