So, i noticed that one of my computers kept opening a UPnP rule on my firewall(if i kept UPnP on), but the other didn't. Searching with netstat -ano gave me the PID, which was svchost.exe netsvcs. Now, this doesn't say much since a lot of services run on svchost. Searching with the port number, or the services wouldn't give much results as the port was dynamic. After some more google persistance i found out the command to list each service that was running in each PID and the name of the services inside. tasklist /svc
Browser, EapHost, gpsvc, IKEEXT, iphlpsvc, LanmanServer, ProfSvc, Schedule, SENS, ShellHWDetection, Themes, Winmgmt, wuauserv
So now i got something similar to this, and by trial and error i eventually found out that, if i stoped IPHLPSVC, i would stop listening to the port. In the end, when i searched the net with IPHLPSVC i found someone with the same questions i had and with some precious tip that might save me time next time:http://forums.comodo.com/firewall-help-cis/svchostexe-port-57398-whats-going-on-here-t72975.0.html
This service is somehow responsible by the horrible teredo and other tunnels that appear in your ipconfig list since they invented IPv6. Somehow i suspected when i checked IKEEXT that this would have to do something to do with IPv6. But why did i have this open in one computer and not in the other?
Anyway, just to make sure, i reenabled the service, but nothing happened nevertheless. The UDP port will only get open when you actually attempt to do a IPv6 connection. It seems the UDP port will try to emulate IPv6 connections even if you're using IPv4. Something to try to understand in the future. For now i am happy that I didn't had a worm somewhere...PS: If you want you can set it off by using netsh interface teredo / set state disabled (set state default - to reenable)