Log analysis and evaluation: "Microsoft-ds Syn_gesendet", worm?

04.03.2009, 19:55   #1
camel43

Hello,

Today while gaming online I noticed that I had severe lag, so I ran
netstat -a from cmd.
I was all the more surprised when I discovered something strange there:

//

Aktive Verbindungen

Proto Lokale Adresse Remoteadresse Status
TCP xxxxxxx-xxxxxxx:microsoft-ds xxxxxxx-xxxxxxx:0 ABHÖREN
TCP xxxxxxx-xxxxxxx:4756 xxxxxxx-xxxxxxx:0 ABHÖREN
TCP xxxxxxx-xxxxxxx:1027 adsl-67-120-53-51.dsl.lsan03.pacbell.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:1028 213-64-101-72-no182.ipt.telia.com:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:1029 34.5.253.19:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:1095 195.113.252.45:microsoft-ds FIN_WARTEN_1
TCP xxxxxxx-xxxxxxx:1200 CLIENT-infoserwis-826.walbrzych.dialog.net.pl:microsoft-ds FIN_WARTEN_1
TCP xxxxxxx-xxxxxxx:1223 213.21.6.110:microsoft-ds WARTEND
TCP xxxxxxx-xxxxxxx:1896 a85-183-195-153.deploy.akamaitechnologies.com:h**p WARTEND
TCP xxxxxxx-xxxxxxx:1919 digg.com:h**p WARTEND
TCP xxxxxxx-xxxxxxx:1948 72.52.147.187:h**p ZULETZT_ACK
TCP xxxxxxx-xxxxxxx:1949 72.52.147.187:h**p ZULETZT_ACK
TCP xxxxxxx-xxxxxxx:1953 digg.com:h**p WARTEND
TCP xxxxxxx-xxxxxxx:2007 94.72.2.248:microsoft-ds HERGESTELLT
TCP xxxxxxx-xxxxxxx:2142 unregister087160097217.c160.msk.pl:microsoft-ds FIN_WARTEN_1
TCP xxxxxxx-xxxxxxx:2567 124-8-198-146.dynamic.tfn.net.tw:microsoft-ds WARTEND
TCP xxxxxxx-xxxxxxx:2679 80.240.229.211:h**p FIN_WARTEN_1
TCP xxxxxxx-xxxxxxx:2778 ip28.hichina.com:microsoft-ds FIN_WARTEN_1
TCP xxxxxxx-xxxxxxx:3189 fx-in-f83.google.com:h**p HERGESTELLT
TCP xxxxxxx-xxxxxxx:3250 fx-in-f17.google.com:h**p HERGESTELLT
TCP xxxxxxx-xxxxxxx:3309 87-119-224-225.saransk.ru:microsoft-ds HERGESTELLT
TCP xxxxxxx-xxxxxxx:3536 www.administrator.de:h**p SCHLIESSEN_WARTEN
TCP xxxxxxx-xxxxxxx:3573 www.administrator.de:h**p WARTEND
TCP xxxxxxx-xxxxxxx:3575 www.administrator.de:h**p SCHLIESSEN_WARTEN
TCP xxxxxxx-xxxxxxx:3576 www.administrator.de:h**p WARTEND
TCP xxxxxxx-xxxxxxx:3586 www.administrator.de:h**p SCHLIESSEN_WARTEN
TCP xxxxxxx-xxxxxxx:3728 tx-in-f127.google.com:h**p SCHLIESSEN_WARTEN
TCP xxxxxxx-xxxxxxx:3736 a85-183-195-139.deploy.akamaitechnologies.com:h**p HERGESTELLT
TCP xxxxxxx-xxxxxxx:3737 a85-183-195-139.deploy.akamaitechnologies.com:h**p HERGESTELLT
TCP xxxxxxx-xxxxxxx:3740 ro10855.plusserver.de:h**p SCHLIESSEN_WARTEN
TCP xxxxxxx-xxxxxxx:3905 124-8-198-163.dynamic.tfn.net.tw:microsoft-ds WARTEND
TCP xxxxxxx-xxxxxxx:3923 87-119-233-132.saransk.ru:microsoft-ds HERGESTELLT
TCP xxxxxxx-xxxxxxx:4079 cpe-88-80-226-70.klo.nr.satronet.sk:microsoft-ds FIN_WARTEN_1
TCP xxxxxxx-xxxxxxx:4362 88.80.240.33:microsoft-ds FIN_WARTEN_1
TCP xxxxxxx-xxxxxxx:4429 cpc2-rdng6-0-0-cust382.winn.cable.ntl.com:microsoft-ds WARTEND
TCP xxxxxxx-xxxxxxx:4435 cpc2-rdng6-0-0-cust382.winn.cable.ntl.com:microsoft-ds WARTEND
TCP xxxxxxx-xxxxxxx:4473 ip28.hichina.com:microsoft-ds FIN_WARTEN_1
TCP xxxxxxx-xxxxxxx:4511 fx-in-f17.google.com:h**p HERGESTELLT
TCP xxxxxxx-xxxxxxx:4552 fx-in-f17.google.com:h**p HERGESTELLT
TCP xxxxxxx-xxxxxxx:4611 94.72.2.20:microsoft-ds HERGESTELLT
TCP xxxxxxx-xxxxxxx:4623 80.81.106.79:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4631 118.101.212.52:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4632 181.112.87.91:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4633 51.39.56.35:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4634 53.26.231.51:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4635 cpe-217-98-76-92.docsis.tomkow.pl:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4636 101.115.108.9:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4637 dslb-088-064-143-001.pools.arcor-ip.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4638 204.123.93.91:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4639 84.78.0.110.ap.yournet.ne.jp:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4640 21.7.200.36:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4641 mta-98-6-187-89.nyc.res.rr.com:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4642 116.44.214.121:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4643 116.108.78.70:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4644 94.99.185.43.dynamic.saudi.net.sa:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4645 AAnnecy-158-1-56-38.w90-48.abo.wanadoo.fr:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4646 22.127.58.114:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4647 adsl-65-69-58-34.dsl.stlsmo.swbell.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4648 athedsl-133487.home.otenet.gr:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4649 143.84.17.8:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4650 dpc6682032104.direcpc.com:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4651 205.30.121.52:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4652 149.91.156.109:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4653 38.19.44.67:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4654 119.15.94.119:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4656 125.106.241.55:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4657 212.37.15.94:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4658 78-24-229-070-gprs.vntc.ru:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4661 170.106.211.49:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4662 59.19.36.31:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4663 143.121.50.25:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4664 171.34.46.1:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4665 166.58.118.4:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4667 38.1.222.23:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4668 51.29.17.55:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4669 192.39.113.57:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4670 ppp121-45-101-84.lns10.adl6.internode.on.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4672 host77-63-45-114.kpn-gprs.nl:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4673 192.12.239.109:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4674 slip-12-65-37-64.mis.prserv.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4676 195.111.96.16:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4677 155.37.84.113:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4679 145.83.178.49:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4680 ool-45734a06.dyn.optonline.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4681 26.112.253.56:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4683 187.6.219.41:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4685 host9-234-static.124-81-b.business.telecomitalia.it:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4687 163.108.229.40:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4689 101.82.48.2:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4691 host32-72-dynamic.56-82-r.retail.telecomitalia.it:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4692 172.36.0.95:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4695 67.55.121.66:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4696 119.88.253.93:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4699 c-76-98-214-38.hsd1.nj.comcast.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4701 129.88.131.44:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4703 143.60.89.109:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4707 148.127.185.61:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4709 141.9.239.48:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4710 pool-173-57-2-56.dllstx.fios.verizon.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4711 TOROON08-1279381796.sdsl.bell.ca:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4713 98.40.195.71:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4716 150.62.199.64:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4717 28.49.5.96:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4719 2.139.32.202.ts.2iij.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4720 rrcs-71-42-168-121.se.biz.rr.com:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4726 172.48.165.5:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4730 28.87.209.50:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4733 167.104.215.3:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4737 192.11.43.106:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4738 host82-61-static.118-81-b.business.telecomitalia.it:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4741 119.49.189.46:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4742 host104-82-dynamic.26-79-r.retail.telecomitalia.it:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4745 223.58.51.79:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4747 63.54.118.68:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4748 114-247-21-190.adsl.terra.cl:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4749 31.50.160.81:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4750 nothing.attdns.com:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4751 200.10.93.120:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4753 62.18.169.66:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4755 178.70.159.80:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4757 27.34.187.76:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4758 99.4.223.86:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4761 157.65.93.43:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4764 23.225.64.117.broad.dynamic.hf.ah.cndata.com:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4765 19.92.237.86:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4771 54.35.20.23:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4774 22.30.45.67:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4778 151.9.90.69:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4780 softbank126035240120.bbtec.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4782 77.46.228.19:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4783 200.15.49.81:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4785 172.3.145.92:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4794 206.59.182.72:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4796 cm39-110.liwest.at:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4800 12.3.238.60:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4801 64-126-97-91.static.everestkc.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4803 94.52.199.62:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4806 48.73.10.29:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4812 customer-200-79-116-90.uninet-ide.com.mx:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4815 fcds9011.atl.llnw.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4816 54.92.51.18:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4818 147.96.233.1:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4819 19.47.102.21:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4820 163.124.1.105:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4821 131.84.132.84:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4822 adsl-68-122-27-95.dsl.irvnca.pacbell.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4823 222.92.133.13:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4825 152.92.128.32:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4826 168.40.61.116:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4828 192.52.143.2:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4829 107.17.22.117:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4830 46.71.218.75:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4831 client-86-25-135-29.sdn-bng-011.adsl.tesco.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4832 97.216.126-78.rev.gaoland.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4833 satcom063.fokus.fraunhofer.de:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4836 cpe-204-106-229-75.dyn.marcocable.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4837 azz16.internetdsl.tpnet.pl:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4838 204.85.122.82:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4841 184.45.25.105:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4842 117.168.39-62.rev.gaoland.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4843 177.38.126.65:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4845 136.35.210.56:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4846 d51522F41.access.telenet.be:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4849 host94.nfiinteractive.com:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4851 29.85.146.64:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4854 24.69.204.63:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4856 136.5.23.109:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4857 softbank126005197035.bbtec.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4860 187.83.153.21:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4861 111.64.209.106:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4864 208.89.180.45:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4865 pc52.itecsystems.com:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4866 221x117x27x7.ap221.ftth.ucom.ne.jp:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4867 13.110.224.73:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4868 150.86.218.47:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4869 18.68.251.55:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4872 c-71-59-121-24.hsd1.pa.comcast.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4873 129.71.116.78:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4874 142.42.229.17:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4875 static.unknown.charter.com:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4877 176.98.86.116:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4878 170.83.182.89:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4879 161.19.243.40:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4883 cpe-98-31-53-66.woh.res.rr.com:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4884 216-43-185-13.dsl.mcleodusa.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4885 197.64.37.114:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4886 120.118.165.77:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4890 215.49.32.14:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4894 bvj86.neoplus.adsl.tpnet.pl:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4898 24.115.185.38.res-cmts.gld.ptd.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4899 205.84.73.70:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4901 117.7.22.41:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4902 212.43.81.109:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4907 181.100.206.54:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4908 176.6.224.52:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4910 93-120-246-53.dynamic.mts-nn.ru:microsoft-ds WARTEND
TCP xxxxxxx-xxxxxxx:4911 159.5.163.45:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4912 85.95.198.11:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4915 kurdeezlime.com.au:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4916 176.38.164.105:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4917 170.113.182.16:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4919 87.225-4-62.dialup.skynet.be:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4921 139.88.176.43:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4922 102.35.137.57:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4924 54.115.33.106:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4927 182.4.158.18:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4928 170.119.64.70:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4929 63.96.110.98:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4934 49.1.2.41:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4941 133.48.33.79:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4944 34.75.163.74:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4949 73.115.133.12:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4951 unknown.tko.scnet.net:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4954 93-120-246-53.dynamic.mts-nn.ru:microsoft-ds HERGESTELLT
TCP xxxxxxx-xxxxxxx:4957 52.90.227.27:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4959 27.30.220.8:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4960 ip-189-96-167-14.user.vivozap.com.br:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4964 211.68.161.55:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4966 131.41.205.122:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4967 80.30.108.123:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4968 134.117.151.64:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4970 158.100.203.109:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4971 68.159.65.61-savecom:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4972 157.127.3.21:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4974 27.101.205.104:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4981 177.32.219.121:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4985 59.18.238.62:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:4989 62.27.29.127:microsoft-ds SYN_GESENDET
TCP xxxxxxx-xxxxxxx:1025 xxxxxxx-xxxxxxx:0 ABHÖREN
TCP xxxxxxx-xxxxxxx:netbios-ssn xxxxxxx-xxxxxxx:0 ABHÖREN
UDP xxxxxxx-xxxxxxx:microsoft-ds *:*
UDP xxxxxxx-xxxxxxx:ntp *:*
UDP xxxxxxx-xxxxxxx:ntp *:*
UDP xxxxxxx-xxxxxxx:44301 *:*
UDP xxxxxxx-xxxxxxx:ntp *:*
UDP xxxxxxx-xxxxxxx:netbios-ns *:*
UDP xxxxxxx-xxxxxxx:netbios-dgm *:*

//
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:21, on 04.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
c:\Programme\Alwil Software\Avast4\aswUpdSv.exe
c:\Programme\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Razer\Diamondback 3G\razerhid.exe
D:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
D:\WINDOWS\TBPanel.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Razer\Diamondback 3G\razertra.exe
D:\Programme\Razer\Diamondback 3G\razerofa.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\System32\svchost.exe
c:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Opera\opera.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\taskmgr.exe
c:\Programme\ALZip\ALZip.exe
c:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avast!] c:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Diamondback] D:\Programme\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [XboxStat] "D:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Gainward] D:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - c:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - c:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7944C18-15AB-4B1F-8177-462DBDEC77DC}: NameServer = 213.191.74.18 62.109.123.196
O23 - Service: Adobe LM Service - Adobe Systems - D:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - c:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - c:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - c:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4787 bytes
//

I'd appreciate any help

Regards
Camel43
