Thread: Remove ezula? (Viruses, Trojans, Spyware etc. forum, Security Center section)
Hello!
I have a small problem with various spyware. My problem is that I can't find the files.
In gnu there is supposedly nothing. (Default, REG_SZ value not set)
In Licenses there are four entries; unfortunately I don't know which of them is supposed to be bearshare.
And somehow I can't find ezula at all? What am I doing wrong?
Oh yes... only escan finds the spyware. ad-aware... nothing, regfreeze... nothing....
2005 => Offending value found in HKCU\Software\gnu !!!
Wed Sep 28 09:31:26 2005 => Object bearshare Spyware/Adware found in File System! Action Taken: Keine Aktion vorgenommen.
Wed Sep 28 09:31:26 2005 => Offending value found in HKLM\Software\Licenses !!!
Wed Sep 28 09:31:26 2005 => Object bearshare Spyware/Adware found in File System! Action Taken: Keine Aktion vorgenommen.
Wed Sep 28 09:31:26 2005 => Offending value found in HKLM\Software\Licenses !!!
Wed Sep 28 09:31:26 2005 => Object bearshare Spyware/Adware found in File System! Action Taken: Keine Aktion vorgenommen.
Wed Sep 28 09:31:45 2005 => Offending file found: C:\DOKUME~1\charly\Desktop\internet.lnk
Wed Sep 28 09:31:45 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: Keine Aktion vorgenommen.
Many thanks
I've found bearshare in the meantime... but I can't find ezula for the life of me... help
Have you searched the registry for ezula? ???
pan_fee
Hello!
I removed eZula with Fixezula, but on restart the damn program keeps reinstalling itself! What can I do about it???
Regards, Mirko! :'(
Hi, here is the log report!
Symantec Adware.Ezula Removal Tool 1.0.3
process: mmod.exe (terminated)
process: IEXPLORE.EXE (terminated)
process: wo.exe (terminated)
C:\Programme\eZula\CHCON.dll: (deleted)
C:\Programme\eZula\eabh.dll: (deleted)
C:\Programme\eZula\mmod.exe: (deleted)
C:\Programme\eZula\seng.dll: (deleted)
C:\Programme\Web Offer\apev.exe: (deleted)
C:\Programme\Web Offer\CHPON.dll: (deleted)
C:\Programme\Web Offer\eapbh.dll: (deleted)
C:\Programme\Web Offer\sepng.dll: (deleted)
C:\Programme\Web Offer\wo.exe: (deleted)
C:\WINNT\system32\ezstub.exe: (deleted)
directory C:\Programme\eZula: (deleted)
directory C:\Programme\Web Offer: (deleted)
registry: HKEY_USERS\S-1-5-21-1229272821-1957994488-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run: eZmmod (value deleted)
registry: HKEY_USERS\S-1-5-21-1229272821-1957994488-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run: eZWO (value deleted)
directory C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\TopText iLookup: (deleted)
Adware.Ezula has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 48470
The number of deleted threat files: 10
The number of directories deleted: 3
The number of threat processes terminated: 3
The number of registry entries fixed: 97
mirksdudi wrote:
Logfile of HijackThis v1.99.0
The current version is 1.99.1
Running processes:
C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
End the mmod.exe process in Task Manager and delete the ezula folder in safe mode [F8]. Delete the entry under RUN in the registry.
O4 - HKLM\..\Run: [Explorer] C:\WINNT\system32\expIorer.exe
is not the ExpLorer; the Windows Explorer is located in the C:\WINNT directory and is spelled with an L (=l) and not with an I (=i).
End the process in Task Manager and delete it in safe mode. Delete the entry under RUN in the registry.
http://www.hackfix.org/miscfix/acidbattery.shtml
Finding autostart entries (RUN):
http://www.wintotal.de/Tipps/Eintrag.php?TID=233
O4 - HKLM\..\Run: [Wuupdate] C:\WINNT\system32\smmss.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINNT\system32\smmss.exe
Here too, end the process, delete smmss.exe in safe mode, and also in the registry (RUN and RunOnce).
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
also belongs to eZula - same procedure here too
Also check under Control Panel - Add or Remove Programs whether you can uninstall Web Offer.
Good luck
pan_fee
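
The look-alike check pan_fee describes above (expIorer.exe written with a capital I and sitting in system32 instead of C:\WINNT), as an added example that is not part of the original posts: a Python script that reads HijackThis O4 lines and flags Run entries whose file name imitates a Windows binary or sits in the wrong folder. The KNOWN table, the confusable-character folding and the pairing of smmss.exe with smss.exe are assumptions made for this example.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Genuine binaries and their expected folders (C:\WINNT layout from the thread).
# Assumption for this example: smmss.exe is treated as imitating smss.exe.
KNOWN = {"explorer.exe": r"c:\winnt", "smss.exe": r"c:\winnt\system32"}

# Constructed sample: the O4 autostart lines quoted in the thread.
SAMPLE = r"""O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKLM\..\Run: [Explorer] C:\WINNT\system32\expIorer.exe
O4 - HKLM\..\Run: [Wuupdate] C:\WINNT\system32\smmss.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINNT\system32\smmss.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe"""

O4_LINE = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")
CONFUSABLE = str.maketrans("i1|0", "lllo")  # I/l/1/| and 0/o look alike


def skeleton(name):
    """Fold look-alike characters and collapse doubled letters."""
    return re.sub(r"(.)\1+", r"\1", name.lower().translate(CONFUSABLE))


def review(log):
    """Return (run_key, value_name, path, reason) for suspicious O4 entries."""
    findings = []
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        run_key, value, path = m.groups()
        name, folder = basename(path).lower(), dirname(path).lower()
        for real, home in KNOWN.items():
            if name == real and folder != home:
                findings.append((run_key, value, path, f"{real} outside {home}"))
            elif name != real and skeleton(name) == skeleton(real):
                findings.append((run_key, value, path, f"look-alike of {real}"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(" | ".join(finding))
```

Entries that are neither look-alikes nor misplaced system binaries, such as mmod.exe and wo.exe here, are not flagged by this check and still need the manual review described in the post.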