Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Command Prompt Help


  • Please log in to reply
5 replies to this topic

#1 fiddleman98

fiddleman98

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 30 August 2015 - 01:34 PM

Hi, I am new to "geek" stuff. I have been wanting to learn about the computer so I can know if I have a problem or if anything is up. I want to know if I have snoops or hackers or anything bad on my system, so I looked in command prompt (admin) and typed "netstat -ab" to look at my connections. I found a couple that seem odd to me as a newbie. Take a look at the text from command prompt:

 

Microsoft Windows [Version 10.0.10240]
© 2015 Microsoft Corporation. All rights reserved.
 
C:\WINDOWS\system32>netstat -ab
 
Active Connections
 
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            York:0                 LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            York:0                 LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:49408          York:0                 LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:49409          York:0                 LISTENING
  EventLog
 [svchost.exe]
  TCP    0.0.0.0:49410          York:0                 LISTENING
 [spoolsv.exe]
  TCP    0.0.0.0:49411          York:0                 LISTENING
  Schedule
 [svchost.exe]
  TCP    0.0.0.0:49412          York:0                 LISTENING
 [lsass.exe]
  TCP    0.0.0.0:49414          York:0                 LISTENING
 Can not obtain ownership information
  TCP    127.0.0.1:4370         York:0                 LISTENING
 [SpotifyWebHelper.exe]
  TCP    127.0.0.1:4380         York:0                 LISTENING
 [SpotifyWebHelper.exe]
  TCP    192.168.1.75:139       York:0                 LISTENING
 Can not obtain ownership information
  TCP    192.168.1.75:51050     msnbot-65-52-108-209:https  ESTABLISHED
 [Explorer.EXE]
  TCP    192.168.1.75:51071     msnbot-65-52-108-224:https  ESTABLISHED
 [OneDrive.exe]
  TCP    192.168.1.75:51934     a-0001:https           ESTABLISHED
 [SearchUI.exe]
  TCP    192.168.1.75:51935     a-0001:https           ESTABLISHED
 [SearchUI.exe]
  TCP    [::]:135               York:0                 LISTENING
  RpcSs
 [svchost.exe]
  TCP    [::]:445               York:0                 LISTENING
 Can not obtain ownership information
  TCP    [::]:49408             York:0                 LISTENING
 Can not obtain ownership information
  TCP    [::]:49409             York:0                 LISTENING
  EventLog
 [svchost.exe]
  TCP    [::]:49410             York:0                 LISTENING
 [spoolsv.exe]
  TCP    [::]:49411             York:0                 LISTENING
  Schedule
 [svchost.exe]
  TCP    [::]:49412             York:0                 LISTENING
 [lsass.exe]
  TCP    [::]:49414             York:0                 LISTENING
 Can not obtain ownership information
  TCP    [::1]:49437            York:0                 LISTENING
 [jhi_service.exe]
  UDP    0.0.0.0:3544           *:*
  iphlpsvc
 [svchost.exe]
  UDP    0.0.0.0:5353           *:*
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:5355           *:*
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:50559          *:*
 [ekrn.exe]
  UDP    0.0.0.0:50560          *:*
 [ekrn.exe]
  UDP    127.0.0.1:1900         *:*
  SSDPSRV
 [svchost.exe]
  UDP    127.0.0.1:50525        *:*
  SSDPSRV
 [svchost.exe]
  UDP    192.168.1.75:137       *:*
 Can not obtain ownership information
  UDP    192.168.1.75:138       *:*
 Can not obtain ownership information
  UDP    192.168.1.75:1900      *:*
  SSDPSRV
 [svchost.exe]
  UDP    192.168.1.75:50524     *:*
  SSDPSRV
 [svchost.exe]
  UDP    192.168.1.75:57933     *:*
  iphlpsvc
 [svchost.exe]
  UDP    [::]:5353              *:*
  Dnscache
 [svchost.exe]
  UDP    [::]:5355              *:*
  Dnscache
 [svchost.exe]
  UDP    [::1]:1900             *:*
  SSDPSRV
 [svchost.exe]
  UDP    [::1]:50523            *:*
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::108d:1db2:b4d9:719%4]:546  *:*
  Dhcp
 [svchost.exe]
  UDP    [fe80::d5b5:251d:f62a:9e67%16]:546  *:*
  Dhcp
 [svchost.exe]
  UDP    [fe80::d5b5:251d:f62a:9e67%16]:1900  *:*
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::d5b5:251d:f62a:9e67%16]:50522  *:*
  SSDPSRV
 [svchost.exe]
 
C:\WINDOWS\system32>
 
 
I don't know how to identify bad ip addresses please help me with this.

Edited by hamluis, 30 August 2015 - 02:56 PM.
Moved from Win 10 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:03:38 PM

Posted 30 August 2015 - 02:58 PM

Unless your computer is having an issue or you suspect malware, you should not be concerned about this. If you do suspect that a hacker hacked into your machine, or you have a malware, then you can post at the Am I infected? forum.


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#3 fiddleman98

fiddleman98
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 30 August 2015 - 03:03 PM

CKing123, Thank you for moving this topic to the proper location. The reason I suspect something is because before I upgraded to Windows 10, I had Windows 8.1, my computer seemed to run more smoothly but it seems to lag sometimes or not be as "sharp" if you know what I mean. I understand that this could be due to bugs in the OS that are normal when it is new. I saw a host or whatever called "msnbot" that got my attention, should I check that out?

 

Here is what I was talking about:

 

TCP    192.168.1.75:61919     msnbot-65-52-108-186:https  ESTABLISHED


Edited by fiddleman98, 30 August 2015 - 03:05 PM.


#4 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:03:38 PM

Posted 30 August 2015 - 03:22 PM

That is the bing search. If you use Windows 10 search (even if you turn of web suggestions) it will search bing (if you turn off web suggestions it will just hide those results from the search bar)


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#5 fiddleman98

fiddleman98
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 30 August 2015 - 03:32 PM

Oh, the word "bot" caught my eye. Thanks, I am interested in learning about hacking but not illegal hacking, I just want to learn about the computer and I don't know where to learn all of the deep, cool stuff. I want to learn what I can do with the system and learn it inside and out so I can be comfortable with it. I want to be able to identify unwanted ip addresses or anything malicious. 



#6 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:03:38 PM

Posted 30 August 2015 - 05:51 PM

Well, one of the best ways to stay safe is to follow these best practices


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users