ezula entfernen?

Dieses Thema ezula entfernen? im Forum "Viren, Trojaner, Spyware etc." wurde erstellt von tomatine, 28. Sep. 2005.

Thema: ezula entfernen? Hallo! ich hab ein kleines prob mit diverser spyware. Mein problem ist das ich die dateien nicht finde. in gnu ist...

  1. Hallo!

    ich hab ein kleines prob mit diverser spyware. Mein problem ist das ich die dateien nicht finde.
    in gnu ist angeblich nix. (standard, rg_sz_wert nicht gesetzt)
    in licenses sind vier einträge, weiß leider nicht welcher davon bearshare sein soll.
    und ezula find ich irgendwie gar nicht? was mach ich falsch.

    achja...nur escan findet die spyware. ad-aware...nix, regfreeze...nix....

    2005 => Offending value found in HKCU\Software\gnu !!!
    Wed Sep 28 09:31:26 2005 => Object bearshare Spyware/Adware found in File System! Action Taken: Keine Aktion vorgenommen.

    Wed Sep 28 09:31:26 2005 => Offending value found in HKLM\Software\Licenses !!!
    Wed Sep 28 09:31:26 2005 => Object bearshare Spyware/Adware found in File System! Action Taken: Keine Aktion vorgenommen.

    Wed Sep 28 09:31:26 2005 => Offending value found in HKLM\Software\Licenses !!!
    Wed Sep 28 09:31:26 2005 => Object bearshare Spyware/Adware found in File System! Action Taken: Keine Aktion vorgenommen.

    Wed Sep 28 09:31:45 2005 => Offending file found: C:\DOKUME~1\charly\Desktop\internet.lnk
    Wed Sep 28 09:31:45 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: Keine Aktion vorgenommen.


    vielen dank
     
  2. bearshare hab ich mittlerweile gefunden...aber ezula find ich ums verrecken nicht...help
     
  3. hast du die Registry nach ezula durchsucht? ???

    pan_fee
     
  4. Hallo!

    Ich hab eZula mit dem Fixezula entfernt, aber beim Neustart installiert sich das Drecksprogramm immer wieder selbst! Was kann ich dagegen tun???

    Gruß Mirko! :'(
     
  5. Hi, hier mal der Log Bericht!

    Symantec Adware.Ezula Removal Tool 1.0.3
    process: mmod.exe (terminated)
    process: IEXPLORE.EXE (terminated)
    process: wo.exe (terminated)

    C:\Programme\eZula\CHCON.dll: (deleted)
    C:\Programme\eZula\eabh.dll: (deleted)
    C:\Programme\eZula\mmod.exe: (deleted)
    C:\Programme\eZula\seng.dll: (deleted)
    C:\Programme\Web Offer\apev.exe: (deleted)
    C:\Programme\Web Offer\CHPON.dll: (deleted)
    C:\Programme\Web Offer\eapbh.dll: (deleted)
    C:\Programme\Web Offer\sepng.dll: (deleted)
    C:\Programme\Web Offer\wo.exe: (deleted)
    C:\WINNT\system32\ezstub.exe: (deleted)
    directory C:\Programme\eZula: (deleted)
    directory C:\Programme\Web Offer: (deleted)

    registry: HKEY_USERS\S-1-5-21-1229272821-1957994488-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run: eZmmod (value deleted)
    registry: HKEY_USERS\S-1-5-21-1229272821-1957994488-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run: eZWO (value deleted)
    registry: HKEY_CLASSES_ROOT\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\eZulaAgent.IEObject.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\eZulaAgent.IEObject (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\eZulaAgent.ToolBarBand (key deleted)
    registry: HKEY_CLASSES_ROOT\eZulaAgent.ToolBarBand.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB} (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaAgent.PlugProt (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaAgent.PlugProt.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaAgent.eZulaCtrlHost (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaAgent.eZulaCtrlHost.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376} (key deleted)
    registry: HKEY_CLASSES_ROOT\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB} (key deleted)
    registry: HKEY_CLASSES_ROOT\AppID\{8A044397-5DA2-11D4-B185-0050DAB79376} (key deleted)
    registry: HKEY_CLASSES_ROOT\AppID\eZulaMain.EXE (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaMain.TrayIConM (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaMain.TrayIConM.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376} (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaMain.eZulaSearchPipe (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaMain.eZulaSearchPipe.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376} (key deleted)
    registry: HKEY_CLASSES_ROOT\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376} (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaHash (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaHash.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaSearch (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaSearch.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.SearchHelper (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.SearchHelper.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.ResultHelper (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.ResultHelper.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaCode (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaCode.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.PopupDisplay (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaFSearchEng.PopupDisplay.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57} (key deleted)
    registry: HKEY_CLASSES_ROOT\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136} (key deleted)
    registry: HKEY_CLASSES_ROOT\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eZula (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Offer (key deleted)
    registry: HKEY_CLASSES_ROOT\AppID\{C0335198-6755-11D4-8A73-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\AppID\eZulaBootExe.EXE (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE} (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaBootExe.InstallCtrl (key deleted)
    registry: HKEY_CLASSES_ROOT\EZulaBootExe.InstallCtrl.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE} (key deleted)
    registry: HKEY_USERS\S-1-5-21-1229272821-1957994488-725345543-500\Software\ezula (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0818D423-6247-11D1-ABEE-00D049C10000} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AtlBrCon.AtlBrCon (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AtlBrCon.AtlBrCon.1 (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EZulaMain.eZulaPopSearchPipe (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{241667A3-EC83-4885-84DD-C2DAAFC1C5EA} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{25630B50-53C6-4E66-A945-9D7B6B2171FF} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{370F6353-41C4-4FA6-A2DF-1BA57EE0FBB9} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{788C6F6E-C2EA-4A63-9C38-CE7D8F43BCE4} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{78BCF936-45B0-40A7-9391-DCC03420DB35} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{955CBF48-4313-4B1F-872B-254B7822CCF2} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9CFA26C2-81DA-4C9D-A501-F144A4A000FA} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFA52460-8822-4191-BA38-FACDD2007910} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A166C1B0-5CDB-447A-894A-4B9FD7149D51} (key deleted)

    directory C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\TopText iLookup: (deleted)
    Adware.Ezula has been successfully removed from your computer!

    Here is the report:

    The total number of the scanned files: 48470
    The number of deleted threat files: 10
    The number of directories deleted: 3
    The number of threat processes terminated: 3
    The number of registry entries fixed: 97
     
  6. aktuell ist Version 1.99.1

    Prozess mmod.exe im Taskmanager beenden und im abgesicherten Modus [F8] den Ordner ezula löschen. In der Registry unter RUN den Eintrag löschen.

    ist nicht der ExpLorer, der Windows-Explorer liegt nämlich im Verzeichnis C:\WINNT und wird mit L (=l) geschrieben und nicht mit I (=i).
    Prozess im Taskmanager beenden und im abgesicherten Modus löschen. In der Registry unter RUN den Eintrag löschen.
    http://www.hackfix.org/miscfix/acidbattery.shtml
    Autostarteinträge (RUN) finden: http://www.wintotal.de/Tipps/Eintrag.php?TID=233

    auch hier den Prozess beenden, im abgesicherten Modus die smmss.exe löschen und in der Registry (RUN und RunOnce).

    gehört auch zu eZula - das selbe Spiel auch hier
    Sieh auch unter Systemsteuerung - Software nach, ob du Web Offer deinstallieren kannst.

    Viel erfolg

    pan_fee
     
Die Seite wird geladen...

ezula entfernen? - Ähnliche Themen

Forum Datum
eZula , wie entfernen? Windows XP Forum 6. Dez. 2006
Dr/EZula.AK.1 Windows XP Forum 1. Aug. 2005
Win7 entfernen ohne Neuinstallation? Windows 7 Forum 12. Okt. 2016
Aus dem Startmenü Einträge entfernen Windows 10 Forum 16. Dez. 2015
win 10 preview entfernen Windows 7 Forum 29. Nov. 2015