zebal said:
You have to understand that blocking ports based on some known trojans that used (or use) these ports is not a reliable method to block trojans.

Haxor can set any port he wants ranging from 1 to 65536, and he can do so any time and any amount of times he wants, meaning there is no way for you to stop him once you have his client (aka trojan).

The connections from your last screenshot have nothing to do with trojans; in fact, blocking these may make your UI unresponsive and the OS not function properly in some cases.

How to proceed?
Step 1:
Understand IP addressing and address ranges; these in 99% of cases do not imply trojan activity:

Loopback address range:
127.0.0.0/8

Private address ranges:
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8

Link-local addresses (Microsoft calls this "APIPA"):
169.254.0.0/16

Multicast addresses:
224.0.0/24
224.0.1/24
224.0.2.0 - 224.0.255.255
224.1/16
224.2/16
224.3/16, 224.4/16
224.252/14
232/8
233.252/14

Step 2:
Get familiar with IP protocols.
In 99% of the cases trojans will use the TCP protocol, rarely UDP and almost never other protocols.
List of IP protocol numbers - Wikipedia

Step 3:
Get familiar with TCP/UDP protocol ports and what they are used for:
List of TCP and UDP port numbers - Wikipedia

Step 4:
Get familiar with the minimum tools required to hunt down trojans:
https://docs.microsoft.com/en-us/sys...ocess-explorer
https://docs.microsoft.com/en-us/sys...nloads/procmon
https://docs.microsoft.com/en-us/sys...loads/autoruns
https://docs.microsoft.com/en-us/sys...nloads/tcpview
https://docs.microsoft.com/en-us/sys...ownloads/whois

Step 5:
To be 100% certain to catch trojans (or isolate them) you'll need a separate machine acting as a gateway which will also generate connection logs.

It depends on what your goal is:
1. Intentionally use potentially dangerous software but verify what it does
2. Prevent malware

If you want to prevent malware (trojans) then the rules are simple: don't install unsigned/untrusted programs.

If you want to verify whether bad programs (which you want) aren't actually as bad or are acceptable then good luck, because you had better set up a separate gateway machine and a good firewall setup, and then spend a whole night watching traffic or write some programs that will do the job for you to give you a summary in the morning as you drink your coffee.

Additional reference:
IANA IPv4 Special-Purpose Address Registry
IPv4 Multicast Address Space Registry

Well said.
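
An added example, not part of either post: a small summarizer of the kind Step 5 describes, which sorts logged destinations into the Step 1 ranges and counts the remaining public endpoints for review. The log line format, the sample lines and all function names are assumptions made for illustration, and multicast is matched as the whole 224.0.0.0/4 block rather than the individual ranges listed in the post.

```python
import ipaddress
from collections import Counter

# Ranges from Step 1 of the post; multicast is widened to all of 224.0.0.0/4.
LOCAL_RANGES = [(label, ipaddress.ip_network(cidr)) for label, cidr in [
    ("loopback", "127.0.0.0/8"), ("link-local", "169.254.0.0/16"),
    ("private", "192.168.0.0/16"), ("private", "172.16.0.0/12"),
    ("private", "10.0.0.0/8"), ("multicast", "224.0.0.0/4"),
]]

# Constructed sample; the format is assumed and public IPs are documentation ranges.
SAMPLE_LOG = """\
2024-01-01T02:10:01 TCP 192.168.1.20:50100 -> 127.0.0.1:5354
2024-01-01T02:10:02 UDP 192.168.1.20:5353 -> 224.0.0.251:5353
2024-01-01T02:10:05 TCP 192.168.1.20:50101 -> 192.168.1.1:443
2024-01-01T02:11:00 TCP 192.168.1.20:50102 -> 203.0.113.45:4444
2024-01-01T02:12:00 TCP 192.168.1.20:50103 -> 203.0.113.45:4444
2024-01-01T02:13:00 UDP 192.168.1.20:50104 -> 198.51.100.7:53
not a log line
"""

def classify(addr):
    ip = ipaddress.ip_address(addr)
    for label, net in LOCAL_RANGES:
        if ip in net:
            return label
    return "public"

def parse_line(line):
    """Return (proto, dst_ip, dst_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    try:
        host, port = parts[4].rsplit(":", 1)
        # ip_address() raises ValueError on anything that is not an IP literal.
        return parts[1].upper(), str(ipaddress.ip_address(host)), int(port)
    except ValueError:
        return None

def summarize(log_text):
    """Count lines per address class and per public (proto, ip, port) endpoint."""
    classes, public = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        label = classify(rec[1]) if rec else "unparsed"
        classes[label] += 1
        if label == "public":
            public[rec] += 1
    return classes, public
```

Calling `summarize()` on a night of gateway logs and printing `public.most_common()` gives the short list of external endpoints worth checking with whois or TCPView.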