213.159.117.134 als Startseite

Birk · 13.03.2005, 17:02

Hallo Leute, da hat sich was bei mir eingenistet.
Wäre nett wenn mal jemand gucken könnte, was im hijackthis.log nicht hingehört.
Vielen Dank für die Hilfe
Habe a squarrd und Anti-Vir

Logfile of HijackThis v1.99.1
Scan saved at 17:01:28, on 13.03.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\PestPatrol\PPMemCheck.exe
C:\Programme\PestPatrol\PPControl.exe
C:\Programme\PestPatrol\CookiePatrol.exe
C:\WINDOWS\System32\systime.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\systime.exe
C:\Programme\a2\a2guard.exe
C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Andreas Wagner.ANDREAS-PJM7JJ0\Eigene Dateien\Eigene Musik\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.197.172.40:7007
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: http://213.159.117.133/dkprogs/hosts.txt
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [a-squared] "C:\Programme\a2\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaDE89.exe
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://etalk.epson.de/netagent/objects/custappx3.CAB
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab
O16 - DPF: {1D168290-F3DF-4842-94C3-2862596771FB} (Yahoo! Fotos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_3de.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binarie...ia32_EN_XP.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-18.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1599a114...dxIE601_de.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemp...veSecurity.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downloadv3.com/binarie...e2oneSvcEN.cab
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://install.cokemusic.de/client/p...LER_loader.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB50896A-0B33-414A-A7AF-07EF8E01C68C}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

Danke!

Haui45 · 13.03.2005, 17:16

Das Log schaut gar nicht gut aus.
Damit wir sichergehen können ob eine Reparatur überhaupt noch Sinn macht, scanne dein System bitte mit eScan im abgesicherten Modus (Anleitung genau befolgen!) und poste was gefunden wird. Am einfachsten machst du das so:
Direkt nach dem Scan, den Inhalt des Fensters "Virus Log Information" kopieren (Strg+A alles markieren; Strg+C kopieren) und in einer Textdatei speichern (z.B. mit Wordpad o.ä.). Dazu den Inhalt mit Strg+V in das Textverarbeitungsprogramm einfügen und das Dokument dann abspeichern. Nach dem Neustart kannst du die Infos aus der Datei einfach ins Forum kopieren.

Poste außerdem folgendes aus der mwav.log (steht ganz am Ende):

Zitat:

Total Number of Files Scanned:
Total Number of Virus(es) Found:
Total Number of Disinfected Files:
Total Number of Files Renamed:
Total Number of Deleted Files:
Total Number of Errors:
Time Elapsed:

Birk · 13.03.2005, 18:00

also

gefunden hat er dieses:

File C:\WINDOWS\System32\systime.exe infected by "Trojan.Win32.StartPage.pu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\systime.exe infected by "Trojan.Win32.StartPage.pu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mxTarget.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ANDREA~1.AND\LOKALE~1\Temp\adlinstallwin32.exe infected by "not-a-virus:AdWare.Adstart.a" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ANDREA~1.AND\LOKALE~1\Temp\ICD2.tmp\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ANDREA~1.AND\LOKALE~1\Temp\mxTarget.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ANDREA~1.AND\LOKALE~1\Temp\THI70A2.tmp\mxTarget.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ANDREA~1.AND\LOKALE~1\Temp\xwxload.exe infected by "Trojan-Downloader.Win32.Small.fo" Virus. Action Taken: No Action Taken.

Sun Mar 13 17:57:23 2005 => Total Files Scanned: 4798
Sun Mar 13 17:57:23 2005 => Total Virus(es) Found: 9
Sun Mar 13 17:57:23 2005 => Total Disinfected Files: 0
Sun Mar 13 17:57:23 2005 => Total Files Renamed: 0
Sun Mar 13 17:57:23 2005 => Total Deleted Files: 0
Sun Mar 13 17:57:23 2005 => Total Errors: 4
Sun Mar 13 17:57:23 2005 => Time Elapsed: 00:05:07
Sun Mar 13 17:57:23 2005 => Virus Database Date: 2005/03/11
Sun Mar 13 17:57:23 2005 => Virus Database Count: 121166

cronos · 13.03.2005, 18:04

Du hast escan nicht vollständig ausgeführt.Nimm bitte die Einstellungen die der Sreenshot zeigt:

Birk · 13.03.2005, 18:33

oki.soorry. Hab nicht aufgepasst. Ich scan nun nochmal, während des Scannens hab ich mal ne Frage zwischendrurch..

z.B. der Eintrag: File C:\WINDOWS\System32\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.

Ist es richtig, die Datei EGCOMLIB_1035.dll zu löschen, um diesen Dialer zu entfernen?

Gruß
Birk

Birk · 13.03.2005, 21:22

also so siehts nun aus:

File C:\WINDOWS\System32\systime.exe infected by "Trojan.Win32.StartPage.pu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\systime.exe infected by "Trojan.Win32.StartPage.pu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\hosts infected by "Trojan.Win32.Qhost.ay" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mxTarget.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ANDREA~1.AND\LOKALE~1\Temp\adlinstallwin32.exe infected by "not-a-virus:AdWare.Adstart.a" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ANDREA~1.AND\LOKALE~1\Temp\ICD2.tmp\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ANDREA~1.AND\LOKALE~1\Temp\mxTarget.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ANDREA~1.AND\LOKALE~1\Temp\THI70A2.tmp\mxTarget.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ANDREA~1.AND\LOKALE~1\Temp\xwxload.exe infected by "Trojan-Downloader.Win32.Small.fo" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Andreas Wagner\Anwendungsdaten\msfg\submit2.exe infected by "Trojan-Downloader.Win32.Agent.az" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Andreas Wagner.ANDREAS-PJM7JJ0\Eigene Dateien\Eigene Musik\setup_mp3tool_1.5.3.2.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Andreas Wagner.ANDREAS-PJM7JJ0\Lokale Einstellungen\Temp\adlinstallwin32.exe infected by "not-a-virus:AdWare.Adstart.a" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Andreas Wagner.ANDREAS-PJM7JJ0\Lokale Einstellungen\Temp\ICD2.tmp\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Andreas Wagner.ANDREAS-PJM7JJ0\Lokale Einstellungen\Temp\mxTarget.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Andreas Wagner.ANDREAS-PJM7JJ0\Lokale Einstellungen\Temp\THI70A2.tmp\mxTarget.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Andreas Wagner.ANDREAS-PJM7JJ0\Lokale Einstellungen\Temp\xwxload.exe infected by "Trojan-Downloader.Win32.Small.fo" Virus. Action Taken: No Action Taken.
File C:\new.exe infected by "Trojan-Downloader.Win32.Small.aiq" Virus. Action Taken: No Action Taken.
File C:\Programme\AVPersonal\INFECTED\olehelp.VIR01 infected by "Trojan.Win32.StartPage.cu" Virus. Action Taken: No Action Taken.
File C:\Programme\NavExcel\NavHelper\v2.0.4c\NHelper.dll infected by "not-a-virus:AdWare.NavExcel.f" Virus. Action Taken: No Action Taken.
File C:\Programme\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe infected by "not-a-virus:AdWare.NavExcel" Virus. Action Taken: No Action Taken.
File C:\Programme\NavExcel\NavHelper\v2.0.4c\NHUpdater.exe infected by "not-a-virus:AdWare.NavExcel.b" Virus. Action Taken: No Action Taken.
File C:\Programme\NavExcel\NavHelper\v2.0.4c\v2.0.4c.b.cab infected by "not-a-virus:AdWare.NavExcel.f" Virus. Action Taken: No Action Taken.
File C:\Programme\WAV to MP3 Encoder\MthreeTopText_ezStub.exe infected by "not-a-virus:AdWare.EZula.p" Virus. Action Taken: No Action Taken.
File C:\Programme\Windows Media Player\wmplayer.exe.tmp infected by "Trojan-Downloader.Win32.Small.py" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C14A3393-67E7-43A6-A67E-93F7FCD905F6}\RP38\A0066390.exe infected by "Trojan.Win32.Dialer.ck" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C14A3393-67E7-43A6-A67E-93F7FCD905F6}\RP38\A0066465.exe infected by "Trojan.Win32.Dialer.ck" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C14A3393-67E7-43A6-A67E-93F7FCD905F6}\RP38\A0066541.exe infected by "Trojan-Clicker.Win32.Promo.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C14A3393-67E7-43A6-A67E-93F7FCD905F6}\RP38\A0066550.exe infected by "Trojan-Downloader.Win32.Small.ahg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C14A3393-67E7-43A6-A67E-93F7FCD905F6}\RP38\A0066551.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C14A3393-67E7-43A6-A67E-93F7FCD905F6}\RP38\A0066552.exe infected by "not-a-virus:AdWare.BiSpy.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\hosts infected by "Trojan.Win32.Qhost.ay" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mxTarget.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.

und

un Mar 13 19:33:50 2005 => Total Files Scanned: 49849
Sun Mar 13 19:33:50 2005 => Total Virus(es) Found: 34
Sun Mar 13 19:33:50 2005 => Total Disinfected Files: 0
Sun Mar 13 19:33:50 2005 => Total Files Renamed: 0
Sun Mar 13 19:33:50 2005 => Total Deleted Files: 0
Sun Mar 13 19:33:50 2005 => Total Errors: 74
Sun Mar 13 19:33:50 2005 => Time Elapsed: 01:15:47

Gruß
Birk

213.159.117.134 als Startseite

Log-Analyse und Auswertung: 213.159.117.134 als Startseite