Intercept a trojan? dynamics

Discussion in 'other security issues & news' started by virtualsecurity, Jul 8, 2012.

Thread Status:
Not open for further replies.
  1. virtualsecurity

    virtualsecurity Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    7
    Location:
    italy
    I have a lot of strange calls on high ports. I intercepted consecutive calls on the dynamic and private ports 40000-65000; the packets are consecutive, they start with the DNS protocol and then change to HTTPS, with 9/10 consecutive related packets per session.

    The calls are made by Symantec, according to my analysis of the packets, but I have set Symantec to work on the standard port and I have disabled automatic updates; they are too frequent to be Symantec. The packets are strange.

    I have other calls on those ports 40000-65000, and I have not installed any software that works on those service ports; in fact the HIDS tells me that it finds open ports, but nothing is installed and it does not recognize any process.

    I suspect it is a virus, probably the Sinowal trojan, because it hides itself well and the antivirus does not identify it; this process also often involves NT AUTHORITY\SYSTEM and the Windows registry, and \System32\scvhost.exe, probably mixed in with the Windows processes, pretending to be legitimate.

    So I tried to download a specific tool. Strangely, the tool fails to work: I get a message that the tool is obsolete and it always stops the scan. I upgraded the version, but the message is repeated; links appear in the tool asking me to update it, I restart, but more notices appear.

    Perhaps this is another symptom that it really is Sinowal or something like that, an MBR rootkit.

    Do you have any advice on how to intercept it? It starts first in memory and is able to hide from normal antivirus.
    Norton Power Eraser should be very good for this type of virus, but I get errors.

    Is there a very strong anti-rootkit tool that starts first in memory?

    Thanks
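Added example, not from the original post or any reply in this thread: the first practical step for the symptom described above is to tie every socket on the machine to the process that owns it and check the three things the post mentions, namely open ports with no owning process, a binary whose name is a near-miss of svchost.exe (or an svchost.exe living outside System32), and listeners on the 40000-65000 range. The script below does that over the text output of `netstat -ano` and `wmic process get ProcessId,Name,ExecutablePath /format:csv`. The netstat and wmic outputs embedded in it are constructed for the example (the `scvhost.exe` name is taken from the post, the PIDs and addresses are made up); the 40000 cutoff, the edit-distance threshold and the finding names are this example's own choices.

```python
import csv
import io
import re
from dataclasses import dataclass

# Constructed sample of `netstat -ano` output (made up for this example,
# not captured from the poster's machine).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.10:49152     93.184.216.34:443      ESTABLISHED     1448
  TCP    192.168.1.10:53012     203.0.113.7:443        ESTABLISHED     4120
  TCP    0.0.0.0:61234          0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.10:58821     198.51.100.9:443       ESTABLISHED     7777
  UDP    192.168.1.10:52211     *:*                                    4120
  UDP    0.0.0.0:5355           *:*                                    1104
"""

# Constructed sample of `wmic process get ProcessId,Name,ExecutablePath /format:csv`.
PROCESS_SAMPLE = """\
Node,ExecutablePath,Name,ProcessId
HOST,C:\\Windows\\System32\\svchost.exe,svchost.exe,812
HOST,C:\\Windows\\System32\\svchost.exe,svchost.exe,1104
HOST,C:\\Program Files\\Mozilla Firefox\\firefox.exe,firefox.exe,1448
HOST,C:\\Windows\\System32\\scvhost.exe,scvhost.exe,4120
"""

LEGIT_SVCHOST = r"c:\windows\system32\svchost.exe"
EPHEMERAL_LOW = 40000   # the poster's range; Windows' default dynamic range is 49152-65535

NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


@dataclass(frozen=True)
class Conn:
    proto: str
    local_port: int
    remote: str
    state: str      # empty for UDP, which netstat prints without a state column
    pid: int


def parse_netstat(text):
    """Parse `netstat -ano` lines into Conn records; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        port = int(local.rsplit(":", 1)[1])   # rsplit also copes with [::]:port
        conns.append(Conn(proto, port, remote, state or "", int(pid)))
    return conns


def parse_processes(text):
    """Parse wmic CSV output into {pid: (name, executable_path)}."""
    rows = csv.DictReader(io.StringIO(text.strip()))
    return {int(r["ProcessId"]): (r["Name"], r["ExecutablePath"]) for r in rows}


def edit_distance(a, b):
    """Plain Levenshtein distance, used to catch lookalike binary names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(conns, procs, ephemeral_low=EPHEMERAL_LOW):
    """Return (pid, kind, detail) findings for sockets that deserve a look."""
    findings = []
    lookalike_reported = set()
    for c in conns:
        if c.pid in (0, 4):     # System Idle Process / System: kernel-owned, not user-mode
            continue
        where = f"{c.proto} :{c.local_port} -> {c.remote} {c.state}".strip()
        proc = procs.get(c.pid)
        if proc is None:
            # Socket owned by a PID the process list does not show: the
            # "open port but no process" symptom. Either the process exited
            # between the two commands, or something is hiding it.
            findings.append((c.pid, "no_process", where))
            continue
        name, path = proc
        lname = name.lower()
        if c.pid not in lookalike_reported:
            if lname != "svchost.exe" and edit_distance(lname, "svchost.exe") <= 2:
                findings.append((c.pid, "svchost_lookalike", f"{name} at {path}"))
                lookalike_reported.add(c.pid)
            elif lname == "svchost.exe" and path.lower() != LEGIT_SVCHOST:
                findings.append((c.pid, "svchost_lookalike", f"svchost.exe outside System32: {path}"))
                lookalike_reported.add(c.pid)
        if c.state == "LISTENING" and c.local_port >= ephemeral_low:
            # Legitimate services rarely *listen* on the dynamic port range.
            findings.append((c.pid, "high_port_listener", f"{name} {where}"))
    return findings


if __name__ == "__main__":
    # On a real host, replace the two samples with the live output of the
    # commands named above (e.g. subprocess.run([...], capture_output=True, text=True)).
    for pid, kind, detail in audit(parse_netstat(NETSTAT_SAMPLE), parse_processes(PROCESS_SAMPLE)):
        print(f"PID {pid:>6}  {kind:<18} {detail}")
```

Two caveats when reading the output. A `no_process` hit can simply be a process that exited between running netstat and running wmic, so take both snapshots twice before treating it as hidden. More importantly, netstat and wmic ask the same running kernel for their data, so an MBR rootkit of the kind the poster suspects can feed both the same filtered view; agreement between them is not proof of a clean system, and a view taken from outside the running OS (a scan from rescue media) is the only one such a rootkit cannot shape.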
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire