email absender herrausfinden

[CISK]

ich hab so eine gefakte ms mail mit einem virus an board bekommen

ich würde gern rausfinden von wem ich den mist bekommen habe


kann mir wer beim quelltext entschlüsseln helfen?

Code:

Return-Path: <xxx.xxx@nextra.at>
X-Flags: 0000
Delivered-To: GMX delivery to xxxx@gmx.at
Received: (qmail 19914 invoked by uid 65534); 29 Sep 2003 13:00:33 -0000
Received: from mail.nextra.at (EHLO mail.nextra.at) (195.170.70.50)
  by mx0.gmx.net (mx012) with SMTP; 29 Sep 2003 15:00:33 +0200
Received: from tyutj (at01a02-dial-160.nextranet.at [195.170.88.160])
	by mail.nextra.at (20030919/20030919/nextra) with SMTP id h8TCxEl2022544;
	Mon, 29 Sep 2003 14:59:16 +0200 (MEST)
Date: Mon, 29 Sep 2003 14:59:14 +0200 (MEST)
Message-Id: <200309291259.h8TCxEl2022544@mail.nextra.at>
FROM: "MS Corporation Public Bulletin" <hdevmazqymzzrbh-wywopg@bulletin.ms.net>
TO: "MS Partner" <partner@bulletin.ms.net>
SUBJECT: Current Network Update
X-ID: 177753276112848
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ulftoashqsriafzqv"
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)

--ulftoashqsriafzqv
Content-Type: multipart/related; boundary="qpmkayrdih";
	type="multipart/alternative"

--qpmkayrdih
Content-Type: multipart/alternative; boundary="ssgpjjmesbvtq"

--ssgpjjmesbvtq
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Microsoft Partner

this is the latest version of security update, the
"September 2003, Cumulative Patch" update which resolves
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express.
Install now to protect your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run executable on your system.
This update includes the functionality =
of all previously released patches.

System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
 - MS Internet Explorer, version 4.01 and later
 - MS Outlook, version 8.00 and later
 - MS Outlook Express, version 4.01 and later

Recommendation: Customers should install the patch =
at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.


Microsoft Product Support Services and Knowledge Base articles =
can be found on the Microsoft Technical Support web site.
http://support.microsoft.com/

For security-related information about Microsoft products, please =
visit the Microsoft Security Advisor web site
http://www.microsoft.com/security/

Thank you for using Microsoft products.

Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable =
to respond to any replies.

----------------------------------------------
The names of the actual companies and products mentioned =
herein are the trademarks of their respective owners.
Copyright 2003 Microsoft Corporation.

--ssgpjjmesbvtq
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

[quaylar]

Naja - die Mail wurde abgeschickt von jemandem der sich beim Mailserver als "tyutj" identifiziert hat - maybe der Rechnername des Senders.

Hostname und IP-Adresse des Senders :
at01a02-dial-160.nextranet.at [195.170.88.160]

Versendender Mailserver :
mail.nextra.at

Email an abuse@nextra.at mit den vollständigen Email-Headern...obs was bringt ist eine andere Frage

--qu

[valo]

aber immerhin können die theoretisch herausfinden, wer um

Mon, 29 Sep 2003 14:59:16 +0200 (MEST)

diese (195.170.88.160) ip gehabt hat

[CISK]

und der returnpath sagt nix aus?