21.06.2016, 20:17   #8
sodium

netstat Russian IP SYN_SENT



Hey!

AdwCleaner log:
Code:
# AdwCleaner v5.200 - Logfile created 21/06/2016 at 20:53:20
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-21.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : root - BATTLESTATION
# Running from : C:\Users\root\Desktop\AdwCleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\ByteFence
[#] Folder Deleted : C:\ProgramData\Application Data\ByteFence
[-] Folder Deleted : C:\Program Files (x86)\Company Name
[-] Folder Deleted : C:\Users\root\AppData\Roaming\Company Name
[-] Folder Deleted : C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba

***** [ Files ] *****

[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-photos-e-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-photos-e-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-photos-h-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-photos-h-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-profile-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-profile-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-d-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-d-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-h-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-h-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ad.turn.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ad.turn.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_blaze-audio-voice-cloak.de.softonic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_blaze-audio-voice-cloak.de.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_funny-voice.de.softonic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_funny-voice.de.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lividinstruments.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lividinstruments.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_logmein-hamachi.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_logmein-hamachi.en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mmotraffic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mmotraffic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_shop.lividinstruments.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_shop.lividinstruments.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKCU\Software\csastats

***** [ Web browsers ] *****

[-] [C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : 1und1.de
[-] [C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : funny-voice.softonic.de
[-] [C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : logmein-hamachi.en.softonic.com
[-] [C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hcdjknjpbnhdoabbngpmfekaecnpajba

*************************

:: "Tracing" keys deleted
:: Proxy settings cleared
:: Winsock settings cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7286 bytes] - [21/06/2016 20:53:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [7127 bytes] - [21/06/2016 20:51:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7432 bytes] ##########
         
Malwarebytes (MBAM) log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan date: 21.06.2016
Scan time: 21:03
Log file: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware database: v2016.06.21.06
Rootkit database: v2016.05.27.01
License: Free version
Malware protection: Disabled
Malicious website protection: Disabled
Self-protection: Disabled

Operating system: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
User: root

Scan type: Threat scan
Result: Completed
Objects scanned: 323793
Time elapsed: 6 min, 19 sec

Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry keys: 0
(No malicious items detected)

Registry values: 0
(No malicious items detected)

Registry data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
HackTool.DDoS, C:\Users\root\Desktop\intensoData\DateinÜberbleibsel\Datein\rDos.exe, No action by user, [fb9f4bb40396989e6206220eb54d9d63], 
HackTool.Hoylecann, C:\Users\root\Desktop\Programs\Hoic\Hoic\hoic2.1.exe, No action by user, [623811ee2772fb3b52274534d42c9f61], 
HackTool.LOIC, C:\Users\root\Desktop\Programs\penTesting\LOIC.exe, No action by user, [b8e2ef107920999d4d56a9a50ff29d63], 

Physical sectors: 0
(No malicious items detected)


(end)
         
Code:
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : BATTLESTATION
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : battlestation\root
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-06-21 21:13:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 4s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 3
   Traces  . . . . . . . : 13

   Objects scanned . . . : 2.379.125
   Files scanned . . . . : 65.815
   Remnants scanned  . . : 655.735 files / 1.657.575 keys

Malware _____________________________________________________________________

   C:\Users\root\Desktop\Programme\lenstor (x64).exe
      Size . . . . . . . : 156.672 bytes
      Age  . . . . . . . : 99.2 days (2016-03-14 17:01:04)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 54E5D4C703341EAFE6F95FABE42FF8E420FFFE53C4B587B59C9A5D884CB095D7
      Needs elevation  . : Yes
      Product  . . . . . : Seriales para Camtasia Studio 8.3
      Publisher  . . . . : Lenstor
      Description  . . . : Seriales para Camtasia Studio 8.3
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Variant.Kazy.309381
      Fuzzy  . . . . . . : 100.0

   C:\Users\root\Desktop\Programs\Hoic\Hoic\hoic2.1.exe
      Size . . . . . . . : 8.902.228 bytes
      Age  . . . . . . . : 102.2 days (2016-03-11 16:47:36)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 3C9806F8E132917EF85512505FADACA733E5523C271DD2E2A6925DDB9C3D0DF0
    > Kaspersky  . . . . : HackTool.Win32.Hoic.a
    > HitmanPro  . . . . : App/HOIC-A
      Fuzzy  . . . . . . : 106.0

   C:\Users\root\Desktop\Programs\penTesting\LOIC.exe
      Size . . . . . . . : 136.192 bytes
      Age  . . . . . . . : 99.2 days (2016-03-14 17:01:05)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : F60A52512773B52DEF9BA9CE8AAD61144D2CF351F6BC04D1C5A13ABEF8F3B89B
      Product  . . . . . : Low Orbit Ion Cannon
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Variant.Application.HackTool.1
    > Kaspersky  . . . . : HEUR:HackTool.MSIL.Flooder.gen
      Fuzzy  . . . . . . : 114.0


Suspicious files ____________________________________________________________

   C:\$Recycle.Bin\S-1-5-21-3648149182-1190501675-731794431-1000\$R3IAUVX.exe
      Size . . . . . . . : 2.387.456 bytes
      Age  . . . . . . . : 2.0 days (2016-06-19 21:55:20)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4B394697CDD77F227660BC7CF2621FCC2D32BE959837D4CA3D8A17CB71BBCB3F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\root\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 951.497 bytes
      Age  . . . . . . . : 78.0 days (2016-04-04 20:38:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 43358BBCEC1EBE7927CA3B0A3DCA0597D5E8584F0FCBE987B8126A0C12D73A2B
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\root\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 138.648 bytes
      Age  . . . . . . . : 77.0 days (2016-04-05 21:40:33)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : DE86A451D282866613EE18CF668C2E962ABCB09FA51F7FF0C98405418A19EA81
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   E:\MagicDisc\MagicDisc.exe
      Size . . . . . . . : 576.000 bytes
      Age  . . . . . . . : 14.2 days (2016-06-07 16:28:34)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : E8F100A8BF30CB101088E6E5BAFF9FF472976691B9BBF70BE324A75635D4D451
      Product  . . . . . : MagicDisc
      Publisher  . . . . : MagicISO, Inc.
      Description  . . . : MagicISO Virtual CD/DVD Manager
      Version  . . . . . : 2.7.0.106
      Copyright  . . . . : MagicISO, Inc.
      LanguageID . . . . : 1033
      Running processes  : 3628
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Uses the Startup folder in the Start Menu to run each time the user logs on.
         Program is running but currently exposes no human-computer interface (GUI).
         Program starts automatically without user intervention.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is in use by one or more active processes.
         Time indicates that the file appeared recently on this computer.
      Startup
         C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\MagicDisc.lnk
         C:\Users\root\Desktop\Programs\MagicDisc.lnk


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
         
Note: I only used the DDoS (DoS) programs to run a stress test against my own server.

Regards, Sodium
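The HitmanPro section of the logs above labels files with indicators such as "Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated" and "The .reloc (relocation) section in this program contains code". The script below is an added example, not part of the forum post and not HitmanPro's own code: it recomputes both indicators from a PE file with only the Python standard library. The 7.0 entropy threshold is an assumption (HitmanPro does not publish its cut-off), and the header-only sample images produced by build_pe() are constructed fixtures, not real programs.

```python
"""Re-implementation of two file heuristics seen in the HitmanPro output
(entropy score, and '.reloc section contains code'), standard library only.
Added example; not HitmanPro's code. The PE images built by build_pe() are
header-only fixtures constructed for this example, not real executables."""
import math
import struct
from collections import Counter

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000

HIGH_ENTROPY = 7.0  # assumed threshold; HitmanPro does not publish its cut-off


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform).
    Packed or encrypted payloads sit near 8; plain native code is usually ~6."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, characteristics) for each section header of a PE image.
    Walks DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (number_of_sections,) = struct.unpack_from("<H", image, coff + 2)
    (size_of_optional_header,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + size_of_optional_header  # COFF header is 20 bytes
    for i in range(number_of_sections):
        off = table + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (characteristics,) = struct.unpack_from("<I", image, off + 36)
        yield name, characteristics


def reloc_contains_code(image: bytes) -> bool:
    """A .reloc section should hold only base-relocation fixups. Being marked
    as code or executable is the anomaly HitmanPro reports."""
    return any(
        name == ".reloc" and bool(flags & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE))
        for name, flags in pe_sections(image)
    )


def indicators(image: bytes) -> list:
    """Return the human-readable indicators that fire for an image."""
    found = []
    if shannon_entropy(image) > HIGH_ENTROPY:
        found.append("high entropy: file is probably packed, encrypted or obfuscated")
    if reloc_contains_code(image):
        found.append(".reloc section contains code")
    return found


def build_pe(sections) -> bytes:
    """Construct a header-only PE32+ image with the given section headers.
    Fixture only: the optional header is zeroed and there is no section data."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ") + bytes(e_lfanew - 2)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_of_optional_header = 0xF0  # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0,
                       size_of_optional_header, 0x0022)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 * (i + 1), 0, 0, 0, 0, flags)
        for i, (name, flags) in enumerate(sections)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(size_of_optional_header) + table


# Constructed fixtures: a conventional layout, and one whose .reloc is executable.
CLEAN_IMAGE = build_pe([
    (".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".reloc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
])
SUSPECT_IMAGE = build_pe([
    (".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".reloc", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
])

if __name__ == "__main__":
    import sys
    # Usage: python pe_heuristics.py <file.exe> ...; with no arguments, run on the fixtures.
    targets = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or \
              [("CLEAN_IMAGE", CLEAN_IMAGE), ("SUSPECT_IMAGE", SUSPECT_IMAGE)]
    for label, image in targets:
        print(f"{label}: entropy {shannon_entropy(image):.1f}, indicators {indicators(image)}")
```

As the log itself demonstrates, these are triage hints rather than verdicts: the same two indicators fire on the Authenticode-signed PunkBuster driver PnkBstrK.sys and on MagicDisc, both legitimate software that is merely packed. Treat a hit as a reason to check the publisher, signature and hash, not as a detection on its own.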

 
