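Is it normal for a process on Windows to be visible only in netstat?
I recently made the mistake of downloading a few cracked programs (and forgot to test them in a virtual machine first). Afterwards I wanted to check whether anything was wrong with the system, and I noticed something odd.
The tasklist output is below; you can see there is no process with PID 4196. But netstat -tabno shows a process named "system" with PID 4196 listening on UDP port 5050. I tried Task Manager, Resource Monitor, and PowerShell get-process, all run as administrator, and none of them can find this process with PID 4196. Googling turned up nothing. Is there any way to find out information about this process (for example its path, why it only appears in netstat, and whether it is harmful)?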
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 924
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 884
[lsass.exe]
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 792
Can not obtain ownership information
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1868
EventLog
[svchost.exe]
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1620
Schedule
[svchost.exe]
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING 864
Can not obtain ownership information
TCP 127.0.0.1:9150 0.0.0.0:0 LISTENING 1520
[tor.exe]
TCP 127.0.0.1:9150 127.0.0.1:52454 ESTABLISHED 1520
[tor.exe]
TCP 127.0.0.1:9151 0.0.0.0:0 LISTENING 1520
[tor.exe]
TCP 127.0.0.1:9151 127.0.0.1:52345 ESTABLISHED 1520
[tor.exe]
TCP 127.0.0.1:9151 127.0.0.1:52346 ESTABLISHED 1520
[tor.exe]
TCP 127.0.0.1:9151 127.0.0.1:52355 ESTABLISHED 1520
[tor.exe]
TCP 127.0.0.1:52185 127.0.0.1:52186 ESTABLISHED 2228
[firefox.exe]
TCP 127.0.0.1:52186 127.0.0.1:52185 ESTABLISHED 2228
[firefox.exe]
TCP 127.0.0.1:52187 127.0.0.1:52188 ESTABLISHED 9780
[firefox.exe]
TCP 127.0.0.1:52188 127.0.0.1:52187 ESTABLISHED 9780
[firefox.exe]
TCP 127.0.0.1:52192 127.0.0.1:52193 ESTABLISHED 10268
[firefox.exe]
TCP 127.0.0.1:52193 127.0.0.1:52192 ESTABLISHED 10268
[firefox.exe]
TCP 127.0.0.1:52197 127.0.0.1:52198 ESTABLISHED 10304
[firefox.exe]
TCP 127.0.0.1:52198 127.0.0.1:52197 ESTABLISHED 10304
[firefox.exe]
TCP 127.0.0.1:52309 127.0.0.1:52310 ESTABLISHED 5796
[firefox.exe]
TCP 127.0.0.1:52310 127.0.0.1:52309 ESTABLISHED 5796
[firefox.exe]
TCP 127.0.0.1:52320 127.0.0.1:52321 ESTABLISHED 2776
[firefox.exe]
TCP 127.0.0.1:52321 127.0.0.1:52320 ESTABLISHED 2776
[firefox.exe]
TCP 127.0.0.1:52341 127.0.0.1:52342 ESTABLISHED 7696
[firefox.exe]
TCP 127.0.0.1:52342 127.0.0.1:52341 ESTABLISHED 7696
[firefox.exe]
TCP 127.0.0.1:52343 127.0.0.1:52344 ESTABLISHED 1520
[tor.exe]
TCP 127.0.0.1:52344 127.0.0.1:52343 ESTABLISHED 1520
[tor.exe]
TCP 127.0.0.1:52345 127.0.0.1:9151 ESTABLISHED 7696
[firefox.exe]
TCP 127.0.0.1:52346 127.0.0.1:9151 ESTABLISHED 7696
[firefox.exe]
TCP 127.0.0.1:52353 127.0.0.1:52354 ESTABLISHED 3768
[firefox.exe]
TCP 127.0.0.1:52354 127.0.0.1:52353 ESTABLISHED 3768
[firefox.exe]
TCP 127.0.0.1:52355 127.0.0.1:9151 ESTABLISHED 7696
[firefox.exe]
TCP 127.0.0.1:52359 127.0.0.1:52360 ESTABLISHED 10880
[firefox.exe]
TCP 127.0.0.1:52360 127.0.0.1:52359 ESTABLISHED 10880
[firefox.exe]
TCP 127.0.0.1:52361 127.0.0.1:52362 ESTABLISHED 5604
[firefox.exe]
TCP 127.0.0.1:52362 127.0.0.1:52361 ESTABLISHED 5604
[firefox.exe]
TCP 127.0.0.1:52366 127.0.0.1:52367 ESTABLISHED 8888
[firefox.exe]
TCP 127.0.0.1:52367 127.0.0.1:52366 ESTABLISHED 8888
[firefox.exe]
TCP 127.0.0.1:52450 127.0.0.1:9150 TIME_WAIT 0
TCP 127.0.0.1:52454 127.0.0.1:9150 ESTABLISHED 7696
[firefox.exe]
TCP 169.254.177.109:139 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 192.168.1.103:139 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 192.168.1.103:52196 xxxxxxxx:443 ESTABLISHED 2228
[firefox.exe]
TCP 192.168.1.103:52351 xxxxxxxx:443 ESTABLISHED 1520
[tor.exe]
TCP 192.168.56.1:139 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP [::]:135 [::]:0 LISTENING 924
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:49664 [::]:0 LISTENING 884
[lsass.exe]
TCP [::]:49665 [::]:0 LISTENING 792
Can not obtain ownership information
TCP [::]:49666 [::]:0 LISTENING 1868
EventLog
[svchost.exe]
TCP [::]:49667 [::]:0 LISTENING 1620
Schedule
[svchost.exe]
TCP [::]:49670 [::]:0 LISTENING 864
Can not obtain ownership information
UDP 0.0.0.0:5050 *:* 4196
[System]
UDP 0.0.0.0:5353 *:* 2612
Dnscache
[svchost.exe]
UDP 0.0.0.0:5355 *:* 2612
Dnscache
[svchost.exe]
UDP 127.0.0.1:1900 *:* 4092
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:62372 *:* 4092
SSDPSRV
[svchost.exe]
UDP 169.254.177.109:137 *:* 4
Can not obtain ownership information
UDP 169.254.177.109:138 *:* 4
Can not obtain ownership information
UDP 169.254.177.109:1900 *:* 4092
SSDPSRV
[svchost.exe]
UDP 169.254.177.109:62370 *:* 4092
SSDPSRV
[svchost.exe]
UDP 192.168.1.103:137 *:* 4
Can not obtain ownership information
UDP 192.168.1.103:138 *:* 4
Can not obtain ownership information
UDP 192.168.1.103:1900 *:* 4092
SSDPSRV
[svchost.exe]
UDP 192.168.1.103:62371 *:* 4092
SSDPSRV
[svchost.exe]
UDP 192.168.56.1:137 *:* 4
Can not obtain ownership information
UDP 192.168.56.1:138 *:* 4
Can not obtain ownership information
UDP 192.168.56.1:1900 *:* 4092
SSDPSRV
[svchost.exe]
UDP 192.168.56.1:62369 *:* 4092
SSDPSRV
[svchost.exe]
UDP [::]:5353 *:* 2612
Dnscache
[svchost.exe]
UDP [::]:5355 *:* 2612
Dnscache
[svchost.exe]
UDP [::1]:1900 *:* 4092
SSDPSRV
[svchost.exe]
UDP [::1]:62368 *:* 4092
SSDPSRV
[svchost.exe]
UDP [fe80::58eb:f3d9:6ad2:b583]:1900 *:* 4092
SSDPSRV
[svchost.exe]
UDP [fe80::58eb:f3d9:6ad2:b583]:62365 *:* 4092
SSDPSRV
[svchost.exe]
UDP [fe80::b00a:ee1f:a3d4:b16d%2]:1900 *:* 4092
SSDPSRV
[svchost.exe]
UDP [fe80::b00a:ee1f:a3d4:b16d%2]:62366 *:* 4092
SSDPSRV
[svchost.exe]
UDP [fe80::f15f:1d33:1ce5:b1bf]:1900 *:* 4092
SSDPSRV
[svchost.exe]
UDP [fe80::f15f:1d33:1ce5:b1bf]:62367 *:* 4092
SSDPSRV
[svchost.exe]
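
The comparison described in the post, PIDs that own sockets in netstat versus PIDs in the process list, can be done mechanically on saved output. The following is an added example, not part of the original post: it parses the `netstat -abno` layout shown above and reports sockets whose owning PID is missing from a process snapshot. The function names are hypothetical and `RUNNING_PIDS` is constructed, since the post does not include the tasklist output.

```python
import re

# Lines copied from the netstat output in the post. RUNNING_PIDS is a
# constructed stand-in for the tasklist PID column, which the post omits.
SAMPLE_NETSTAT = """\
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 127.0.0.1:9150 0.0.0.0:0 LISTENING 1520
[tor.exe]
TCP 127.0.0.1:52450 127.0.0.1:9150 TIME_WAIT 0
UDP 0.0.0.0:5050 *:* 4196
[System]
UDP 0.0.0.0:5353 *:* 2612
Dnscache
[svchost.exe]
"""
RUNNING_PIDS = {0, 4, 1520, 2612}

# Proto, local, remote, optional state (UDP rows have none), PID.
ENTRY = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)$")

def parse_netstat(text):
    """Turn `netstat -abno` text into one dict per socket row."""
    sockets = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            sockets.append({"proto": proto, "local": local, "remote": remote,
                            "state": state, "pid": int(pid),
                            "image": None, "service": None})
        elif sockets and line.startswith("[") and line.endswith("]"):
            sockets[-1]["image"] = line[1:-1]      # owner image, e.g. [tor.exe]
        elif sockets and line and not line.startswith("Can not obtain"):
            sockets[-1]["service"] = line          # hosted service, e.g. Dnscache
    return sockets

def orphan_sockets(sockets, running_pids):
    """Group sockets whose owning PID is absent from the process snapshot."""
    orphans = {}
    for s in sockets:
        if s["pid"] not in running_pids:
            orphans.setdefault(s["pid"], []).append(s)
    return orphans

if __name__ == "__main__":
    print(orphan_sockets(parse_netstat(SAMPLE_NETSTAT), RUNNING_PIDS))
```

Both snapshots should be captured at the same moment, because PIDs appear and disappear between runs and a stale process list produces false mismatches.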