Does a hacker always show up as "established" in tcpview?


I was wondering if I can always spot a hacker in tcpview or with the netstat command? Is it possible someone is hacking me without showing “established” in tcpview or netstat? I had some problems with established connections; now I fixed that, so it's all listening. Is that OK?

Also, should I disable netbios, epmap, wsd and microsoft-ds?

Can you show us a picture? And can we assume you're using Windows XP? Is your computer on a network, and if so, is it a home or business network?

Disabling Microsoft-ds? Do you have a printer shared over a network? If so, that would explain it.

Disabling netbios? Disable it and see if you can search for your printer and still use it. If you can, keep it disabled; there’s really not much use for it anymore.

Disabling epmap? I know what it is but don’t know much about it, so I can't answer it.

I have never heard of “wsd” to the best of my knowledge

A rootkit can hide itself. It can hide its network traffic and disk usage. You would never know using netstat or another query that it was making connections.

Leave epmap alone. The rest you can safely disable.
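An added example, not part of the thread above: a short Python parser for `netstat -ano` output that lists the sockets other machines can reach even though none of them read "established" (TCP listeners and UDP binds on non-loopback addresses). The sample output is constructed, and the port-to-name table reflects the usual Windows port assignments for the services named in the question; like netstat itself, it only sees what the operating system reports.

```python
# Usual ports behind the names TCPView/netstat display (assumed mapping for this example).
NAMED_PORTS = {
    135: "epmap", 137: "netbios-ns", 138: "netbios-dgm",
    139: "netbios-ssn", 445: "microsoft-ds", 3702: "ws-discovery", 5357: "wsd",
}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3120
  UDP    0.0.0.0:3702           *:*                                    1208
  UDP    192.168.1.20:137       *:*                                    4
"""

def parse(text):
    """Turn netstat -ano rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        addr, _, port = parts[1].rpartition(":")
        # UDP is connectionless: netstat prints no State column for it.
        state = parts[3] if parts[0] == "TCP" and len(parts) >= 5 else ""
        rows.append({"proto": parts[0], "addr": addr, "port": int(port),
                     "state": state, "pid": int(parts[-1])})
    return rows

def exposed_services(rows):
    """TCP listeners and UDP binds on a non-loopback address."""
    out = []
    for r in rows:
        waiting = r["state"] == "LISTENING" or r["proto"] == "UDP"
        loopback = r["addr"].startswith("127.") or r["addr"] == "[::1]"
        if waiting and not loopback:
            name = NAMED_PORTS.get(r["port"], "unknown")
            out.append((r["proto"], r["port"], name, r["pid"]))
    return out

if __name__ == "__main__":
    for proto, port, name, pid in exposed_services(parse(SAMPLE)):
        print(f"{proto:4}{port:>6}  {name:13} pid {pid}")
```
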