BullsEye wütet wieder!

Squad · 23.05.2005, 09:30

Hallo!

Ich habe mir nun schon einige Posts über den Trojaner Bullseye durchgelesen, den ich mir eingefangen habe. Da ich aber absolut keine Ahnung auf diesem Gebiet habe, poste ich hier mal meinen Logfile, in der Hoffnung, dass mir jemand helfen kann!!! Vielen Dank schonmal für jede Hilfe!

Logfile of HijackThis v1.99.1
Scan saved at 09:50:00, on 23.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\CASIO\PCsync\QDCTray.exe
C:\Programme\Palm\HOTSYNC.EXE
C:\Programme\OpenOffice.org1.1.0\program\soffice.exe
C:\Programme\OpenOffice.org1.1.1\program\soffice.exe
C:\Programme\OpenOffice.org1.0.3\program\soffice.exe
C:\Programme\NaviSearch\bin\nls.exe
C:\Programme\BullsEye Network\bin\bargains.exe
C:\Programme\CashBack\bin\cashback.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Profaktur\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: Quick Data Copy.lnk = C:\Programme\CASIO\PCsync\QDCTray.exe
O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programme\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O4 - Global Startup: Zahlungserinnerung.lnk = C:\HCW\wzed.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.power-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C4221A4-20E3-4E8F-9CC4-6CF80D6689E9}: NameServer = 195.8.224.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

_____________
Anm.
Aktive Links editiert!
Beachte die Hinweise dieser Anleitung: HiJackThis

LG Cidre
S-Mod TB

Squad · 25.05.2005, 15:41

So, habe jetzt alles in stundenlanger Arbeit getan, was hier im Forum über den Bullseye gesagt wurde! Kann sich bitte jetzt nochmal jemand mein LogFile ansehen und sagen, ob noch was fehlerhaftes bzw. schädliches zu finden ist!? Vielen Dank und einen schönen Feiertag! Gruß, Squad

Logfile of HijackThis v1.99.1
Scan saved at 16:32:28, on 25.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Palm\HOTSYNC.EXE
C:\Programme\OpenOffice.org1.1.0\program\soffice.exe
C:\Programme\OpenOffice.org1.1.1\program\soffice.exe
C:\Programme\OpenOffice.org1.0.3\program\soffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: Quick Data Copy.lnk = C:\Programme\CASIO\PCsync\QDCTray.exe
O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programme\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O4 - Global Startup: Zahlungserinnerung.lnk = C:\HCW\wzed.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C4221A4-20E3-4E8F-9CC4-6CF80D6689E9}: NameServer = 195.8.224.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE

Meerjungfraumann · 25.05.2005, 16:42

Hy,
Logfile passt denke ich.Aber Update unbedingt Dein Windows auf Service Pack 2 schliest sämtliche Sicherheitslücken.

Greetings from MEERJUNGFRAUMANN (SPONGEBOB MEMBER)

Rene-gad · 25.05.2005, 17:10

@Squad
Bitte alle Links im Log deaktivieren (z.B. h**p statt http)

Zitat:

So, habe jetzt alles in stundenlanger Arbeit getan, was hier im Forum über den Bullseye gesagt wurde!

Wievile Stunden hast du verbracht, wenn es kein Geheimnis ist?

Bitte fixen:

Zitat:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.exactsearch.net/sidesearch
F3 - REG:win.ini: run=
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\COMOne\Bluetooth Software\btsendto_ie.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/

Diese Datei im abgesicherten Modus löschen

Zitat:

C:\WINDOWS\web\related.htm

Squad · 27.05.2005, 00:14

@Rene: Na ja, ich hab insgesamt ca. 10 Stunden drangesessen inkl. Wartezeiten bei Scans etc.

Danke für's checken meines Logfiles! Jetzt müsste es doch eigentlich okay sein, oder!?

Logfile of HijackThis v1.99.1
Scan saved at 01:04:43, on 27.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Palm\HOTSYNC.EXE
C:\Programme\OpenOffice.org1.1.0\program\soffice.exe
C:\Programme\OpenOffice.org1.1.1\program\soffice.exe
C:\Programme\OpenOffice.org1.0.3\program\soffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Ordner\Eigene Dateien\Ordner\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: Quick Data Copy.lnk = C:\Programme\CASIO\PCsync\QDCTray.exe
O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Programme\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O4 - Global Startup: Zahlungserinnerung.lnk = C:\HCW\wzed.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - h**p://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C4221A4-20E3-4E8F-9CC4-6CF80D6689E9}: NameServer = 195.8.224.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE

cronos · 27.05.2005, 00:45

Sauber ist der Log immer noch nicht!
Um mehr Informationen zu bekommen führe Escan wie beschrieben aus und teile uns die Ergebnisse mit!

Edit:

Warum ist kein Service Pack 2 installiert?

Rene-gad · 27.05.2005, 07:51

@Squad

Zitat:

Na ja, ich hab insgesamt ca. 10 Stunden drangesessen inkl. Wartezeiten bei Scans etc.

Du hast wohl zu viel Zeit übrig

. In 3 Stunden hättest du deine Kiste neu formatiert und virenfrei gehabt. Und SP2 fehlt nach wie vor

Squad · 01.06.2005, 16:23

Hallo! Wenn ich das Service Pack 2 installiere und dann ins Internet gehe, stürzt mein Rechner IMMER ab.

Deshalb habe ich es wieder deinstalliert. Woran kann das liegen? Verträgt es sich nicht mit AV?

Gruß, Squad

Rene-gad · 01.06.2005, 17:20

@Squad
Installieren von SP2 und Co. befreit den PC von Malware nicht. Warum hast du den Posting von cronos nicht abgearbeitet?

Squad · 02.06.2005, 20:17

Habe jetzt den eScan jetzt ausgeführt! Herausgekommen ist eine ewig lange Liste von der ich so gut wie nichts verstehe...

Sorry, ich hab' von solchen Sachen leider wirklich nur sehr wenig Ahnung. Ich hoffe ihr könnt mir weiterhelfen und ich poste nichts unerlaubtes vom eScan!

Danke schonmal für alle hilfreichen Antworten!

Hier mein Scan:

Squad · 02.06.2005, 20:19

Scan kommt im neuen Fenster!

Wenn ich die find.bat Datei erstellt habe und dann doppelklicke, öffnet sich zwar ein neues Fenster im MS-DOS und es wird etwas geschrieben. Dann schließt sich das Fenster aber schnell wieder. Eine Datei Namens eScan_neu.txt kann ich nicht finden. Was mache ich falsch???

chaosman · 02.06.2005, 20:44

@Squad
Scan kommt im neuen Fenster!

wo bleibts?
chaosman

Squad · 02.06.2005, 20:52

Da es anders nicht funktioniert hier mein Scan:

Seite 1:

File C:\WINDOWS\zeta.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cashback Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "exactutil Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\CyberLink\Common\UpdateIPR.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Siemens AG Shared\DESServer.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMmxBVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMmxSVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMP5BVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\APMP5SVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\GliDetectDll.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\GliDX6vf.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\GliVd1vf.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGMXBVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGMXSVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGP5BVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\MPGP5SVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVd3BVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVMWBVR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVMWSVR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVPWBVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\UbiSoft\Rayman2\dll\WAVPWSVR.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_office.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_notes.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNeighborhood.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcss.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNCopy.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btwpimif.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\bt2k_ins.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\wbtapi.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcpl.cpl". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsec.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif_notes.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif_ol.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btins.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btdev.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\WidcommSdk.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\lcppn21.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_lnagent.nsf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTXPPanel.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BtXpShell.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btrez.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btbigbmp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\bthcrp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btosif_olx.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BtWizard.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_wab.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BtAudioHelper.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNeighborhood.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNCopy.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTXPPanel.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btsendto_ie.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\BTNeighborhood.dll.manifest". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcss.dll.manifest". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btcpl.cpl.manifest". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\bthcrpui.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btprn2k.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\btrezxp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Lexware1\Gemeinsame Dateien\Optionen\BenutzerMgr.xml". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Lexware1\Gemeinsame Dateien\Optionen\PersonalMgr.xml". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E500-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E510-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E520-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E530-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E531-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E532-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0083AA80-357D-11D4-876E-CA5F65139036}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\hhvrend2.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{01002B17-5D93-4551-81E4-831FEF780A53}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0174EB42-3CBC-4910-9C88-82B36A14C62B}" refers to invalid object "C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterBluetooth.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0AA02E8D-F851-4CB0-9F64-BBA9BE7A983D}" refers to invalid object "C:\PROGRA~1\WINDOW~3\mpvis.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{13E40445-0C30-11D2-ADAC-00104B453807}" refers to invalid object "C:\PROGRA~1\Lexware\ANLAGE~1\AnlageVW.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B544C24-FD0B-11CE-8C63-00AA0044B520}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1CB1623E-BBEC-4E8D-B2DF-DC08C6F4627C}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2aa2b5fe-b846-4d07-810c-b21ee45320e3}" refers to invalid object "%SystemRoot%\System32\xmlprovi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2EA10031-0033-450E-8072-E27D9E768142}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{305F718E-620B-11D3-B484-008029659E91}" refers to invalid object "C:\MAGIX\MM2005~1\REGMOD~1\audiovis.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{31087270-D348-432C-899E-2D2F38FF29A0}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{353359C1-39E1-491b-9951-464FD8AB071C}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{35465706-E211-11d3-8B87-C295F909460A}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\WMServerReader.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36773DF3-37FC-47B6-9F8F-CC4699917938}" refers to invalid object "D:\acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{41D2B841-7692-4C83-AFD3-F60E845341AF}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{442D12A1-2641-11d2-90FB-006008A1F441}" refers to invalid object "a3d.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49AD-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49AF-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49B6-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49B8-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49CF-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E7F49D5-E4B5-11D1-8D9D-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4F3E50BD-A9D7-4721-B0E1-00CB42A0A747}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56d398df-f37d-4d6d-94cc-8b3ea36c3a39}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\MXMPEG2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586FB486-5560-4FF3-96DF-1118C96AF456}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{596AB062-B4D2-4215-9F74-E9109B0A8153}" refers to invalid object "C:\WINDOWS\System32\twext.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A20FD6F-F8FE-4a22-9EE7-307D72D09E6E}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.

Squad · 02.06.2005, 20:53

Seite 2:

Entry "HKCR\CLSID\{5B4B05EB-1F63-446B-AAD1-E10A34D650E0}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5D62A639-0FB0-11D2-8DB2-006097DBEFEF}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCW.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{62090F4D-7F27-11D4-ABF2-0080C8FCDE68}" refers to invalid object "C:\PROGRA~1\Lexware\BUCHHA~1\BHAUSW~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{679E132F-561B-42F8-846C-A70DBDC62999}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6C68955E-F965-4249-8E18-F0977B1D2899}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80080-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80081-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80082-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78D80083-F388-11D3-9161-00105A07EA40}" refers to invalid object "C:\WINDOWS\SYSTEM\LCODCCMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7F1232EE-44D7-4494-AB8B-CC61B10E21A5}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7FB3E3A1-829B-11D3-8032-00A0C941A56C}" refers to invalid object "C:\Programme\KraiSoft\Warkanoid\GmIntrnt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{849F5184-79E2-11D5-99F3-0050043E594A}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\Lexware\Dll\LxBsns30.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{849F519C-79E2-11D5-99F3-0050043E594A}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\Lexware\Dll\AVBsns30.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8602FB8E-2F21-46A0-89DA-BCBFF80A9B02}" refers to invalid object "C:\LEXWARE\PCBH32\KRCheck.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{90914AA1-0A85-407B-AA90-AD5BE725D805}" refers to invalid object "D:\acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{92883667-E95C-443D-AC96-4CACA27BEB6E}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441}" refers to invalid object "a3dapi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{97D6D376-23BB-11D1-A0E1-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9AC5BD2F-604B-4062-86BC-5B1AB98D6648}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\Lexware\EBUSIN~1\FKUpload.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9DB7A13C-F208-4981-8353-73CC61AE2783}" refers to invalid object "C:\WINDOWS\System32\twext.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A2EDA89A-0966-4B91-9C18-AB69F098187F}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ADEADEB8-E54B-11d1-9A72-0000F875EADE}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AECF5D2E-7A18-4DD2-BDCD-29B6F615B448}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4DC8DD9-2CC1-4081-9B2B-20D7030234EF}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6E33EB2-8C6D-49E6-BBA9-9CF33759D35F}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\hhmultee.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BC0D69A8-0923-4EEE-9375-9239F5A38B92}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0D076C5-E4C6-4561-8BF4-80DA8DB819D7}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C378B3A7-404B-445B-8334-D078852EABDB}" refers to invalid object "C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterBluetooth.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C44C65C7-FDF1-453D-89A5-BCC28F5D69F9}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C63344D8-70D3-4032-9B32-7A3CAD5091A5}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8F209F8-480E-454C-94A4-5392D88EBA0F}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CD2425E4-8141-11D0-8CE4-444553540000}" refers to invalid object "C:\LEXWARE\PCFK32\Pcfk32.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CFFB1FC7-270D-4986-B299-FECF3F0E42DB}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D3B06B05-3667-4175-B2D2-D54DCED5E9F1}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\dscapture.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D42AB085-7E24-460f-9BFB-9ADE542A81B9}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\mxvisuals.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7546AAE-A77A-11D1-B901-00AA00585640}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCF.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7546ABD-A77A-11D1-B901-00AA00585640}" refers to invalid object "C:\Programme\Microsoft Office\Office10\MSOWCF.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{d8f1eee0-f634-11cf-8700-00a0245d918b}" refers to invalid object "a3d.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DB6E8F48-FD3E-11D0-A0BC-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~4\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E188F7A3-A04E-413E-99D1-D79A45F70305}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E476CBFF-E229-4524-B6B7-228A3129D1C7}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E673DCF2-C316-4c6f-AA96-4E4DC6DC291E}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E769AC40-7735-11D2-8B7B-9D5958F45120}" refers to invalid object "C:\MAGIX\mm2005_silver\RegModule\wavdest.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E8C31D11-6FD2-4659-AD75-155FA143F42B}" refers to invalid object "C:\Programme\Movie Maker\wmm2ae.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EC85D8F1-1C4E-46e4-A748-7AA04E7C0496}" refers to invalid object "C:\Programme\Movie Maker\wmm2fxa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ED4EB73F-EDEC-11D3-BC26-00A0CC5087AB}" refers to invalid object "C:\MAGIX\mm2005_silver\pptaddin.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EF105BC3-C064-45F1-AD53-6D8A8578D01B}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F44BB2D0-F070-463E-9433-B0CCF3CFD627}" refers to invalid object "C:\Programme\Movie Maker\wmm2filt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Entry "HKCR\ADP.UrlCatcher" refers to invalid object "{F4E04583-354E-4076-BE7D-ED6A80FD66DA}". Action Taken: No Action Taken.
Entry "HKCR\ADP.UrlCatcher.1" refers to invalid object "{F4E04583-354E-4076-BE7D-ED6A80FD66DA}". Action Taken: No Action Taken.
Entry "HKCR\Automatische Zuordnung.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automatische Zuordnung.Map.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automatische Zuordnung.Template.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\CB.UrlCatcher" refers to invalid object "{CE188402-6EE7-4022-8868-AB25173A3E14}". Action Taken: No Action Taken.
Entry "HKCR\CB.UrlCatcher.1" refers to invalid object "{CE188402-6EE7-4022-8868-AB25173A3E14}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MultimediaConverter.Converter" refers to invalid object "{E180CA8F-034D-11d6-AEA1-00B0D0797201}". Action Taken: No Action Taken.
Entry "HKCR\NLS.UrlCatcher" refers to invalid object "{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}". Action Taken: No Action Taken.
Entry "HKCR\PDF.PdfCtrl.5" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\System32\mac80ex.idf tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\System32\javex80.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\System32\psis80ex.ax tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\mqexdlm.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\System32\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl2.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\system32\mac80ex.idf tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\system32\javex80.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\system32\psis80ex.ax tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul3.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul1.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mqexdlm.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Gast\Eigene Dateien\Ralph\CD-Brennd\tägliche Losung\Winlos03.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-837.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-344.dll tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Jan\Eigene Dateien\Jan\backups\backup-20050523-115914-345.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\HCW\wpcuinst.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

chaosman · 02.06.2005, 21:02

@Squad
poste bitte folgendes
________________________________________
Öffne C:\bases\mwav.log
Am Ende folgendes suchen und hier rein kopieren:
Zitat:
Total Files Scanned:
Total Virus(es) Found:
Total Disinfected Files:
Total Files Renamed:
Total Deleted Files:
Total Errors:
Time Elapsed:
Virus Database Date:
Virus Database Count:

chaosman

BullsEye wütet wieder!

Log-Analyse und Auswertung: BullsEye wütet wieder!