Pests of all kinds and how to fight them: backdoor suspicion. If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
backdoor suspicion

Good day,

I recently visited a site on which my AntiVir raised an alarm, supposedly a script virus or something similar; unfortunately I no longer remember the exact name. In any case, as a precaution I then clicked "delete and overwrite". Now my actual problem: since I had this script virus, my internet connection lags. This shows up in CS (every 10 seconds a lag on the scale of a connection loss) as well as during normal surfing. Here is my HijackThis log; I hope you find something. I have already run a system restore, and AntiVir has not found anything since.

```
Logfile of HijackThis v1.99.1
Scan saved at 02:31:18, on 02.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe
D:\Programme\veronica\veronica.exe
D:\Steam\Steam.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.uni-regensburg.de
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.uni-regensburg.de
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106508930731
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78BACDEA-7595-4BC7-900E-476F571BA678}: NameServer = 81.173.194.68,194.8.194.60
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
```

One more thing: an excerpt from my router firewall log.

I hope I have landed in the right place here, and thanks in advance for the help, also regarding other problems I had.
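An added example, not code from the post or from HijackThis: a small parser for the HijackThis entry format shown above that groups entries by section code and pulls out the items a helper reads first when triaging such a log (O4 autostart commands, O16 download URLs, O17 name servers, and entries marked "(file missing)"). The sample log is a constructed subset of the entries in the post.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis entries from the post above.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
O4 - HKLM\\..\\Run: [AVGCtrl] C:\\Programme\\AVPersonal\\AVGNT.EXE /min
O4 - HKCU\\..\\Run: [TuneUp MemOptimizer] "C:\\Programme\\TuneUp Utilities 2004\\MemOptimizer.exe" autostart
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Programme\\Messenger\\msmsgs.exe (file missing)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{78BACDEA-7595-4BC7-900E-476F571BA678}: NameServer = 81.173.194.68,194.8.194.60
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")  # "O4 - ..." style entry lines
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")  # O4 autostart entries
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_hjt(text):
    """Group HijackThis entries by section code (R0, O4, O17, ...); header lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def review(sections):
    """Extract the items a helper checks first. This is triage input, not a verdict."""
    autostarts = []
    for body in sections.get("O4", []):
        m = RUN_RE.match(body)
        if m:
            autostarts.append({"hive": m.group(1), "name": m.group(2), "command": m.group(3)})
    nameservers = []
    for body in sections.get("O17", []):  # DNS servers configured per interface
        nameservers.extend(IPV4_RE.findall(body))
    # O16 entries end with the URL the ActiveX control was downloaded from
    download_urls = [body.rsplit(" - ", 1)[-1] for body in sections.get("O16", [])]
    missing = [f"{code} - {body}" for code, bodies in sections.items()
               for body in bodies if body.endswith("(file missing)")]
    return {"autostarts": autostarts, "nameservers": nameservers,
            "download_urls": download_urls, "file_missing": missing}


if __name__ == "__main__":
    for key, items in review(parse_hjt(SAMPLE_LOG)).items():
        print(key, items)
```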