Remove ezula?

  • #1
tomatine

Guest
Hello!

I have a small problem with various spyware. My problem is that I can't find the files.
In gnu there is supposedly nothing. (Default, REG_SZ value not set.)
In Licenses there are four entries; unfortunately I don't know which of them is supposed to be bearshare.
And somehow I can't find ezula at all? What am I doing wrong?

Oh, and only eScan finds the spyware. Ad-Aware... nothing, regfreeze... nothing...

2005 => Offending value found in HKCU\Software\gnu !!!
Wed Sep 28 09:31:26 2005 => Object bearshare Spyware/Adware found in File System! Action Taken: Keine Aktion vorgenommen.

Wed Sep 28 09:31:26 2005 => Offending value found in HKLM\Software\Licenses !!!
Wed Sep 28 09:31:26 2005 => Object bearshare Spyware/Adware found in File System! Action Taken: Keine Aktion vorgenommen.

Wed Sep 28 09:31:26 2005 => Offending value found in HKLM\Software\Licenses !!!
Wed Sep 28 09:31:26 2005 => Object bearshare Spyware/Adware found in File System! Action Taken: Keine Aktion vorgenommen.

Wed Sep 28 09:31:45 2005 => Offending file found: C:\DOKUME~1\charly\Desktop\internet.lnk
Wed Sep 28 09:31:45 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: Keine Aktion vorgenommen.


Many thanks
 
  • #2
I've found bearshare in the meantime... but I can't find ezula for the life of me... help
 
  • #3
Have you searched the registry for ezula? ???

pan_fee
 
  • #5
Hello!

I removed eZula with Fixezula, but on every restart the damn program reinstalls itself again! What can I do about it???

Regards, Mirko! :'(
 
  • #6
Hi, here is the log report!

Symantec Adware.Ezula Removal Tool 1.0.3
process: mmod.exe (terminated)
process: IEXPLORE.EXE (terminated)
process: wo.exe (terminated)

C:\Programme\eZula\CHCON.dll: (deleted)
C:\Programme\eZula\eabh.dll: (deleted)
C:\Programme\eZula\mmod.exe: (deleted)
C:\Programme\eZula\seng.dll: (deleted)
C:\Programme\Web Offer\apev.exe: (deleted)
C:\Programme\Web Offer\CHPON.dll: (deleted)
C:\Programme\Web Offer\eapbh.dll: (deleted)
C:\Programme\Web Offer\sepng.dll: (deleted)
C:\Programme\Web Offer\wo.exe: (deleted)
C:\WINNT\system32\ezstub.exe: (deleted)
directory C:\Programme\eZula: (deleted)
directory C:\Programme\Web Offer: (deleted)

registry: HKEY_USERS\S-1-5-21-1229272821-1957994488-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run: eZmmod (value deleted)
registry: HKEY_USERS\S-1-5-21-1229272821-1957994488-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run: eZWO (value deleted)

directory C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\TopText iLookup: (deleted)
Adware.Ezula has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 48470
The number of deleted threat files: 10
The number of directories deleted: 3
The number of threat processes terminated: 3
The number of registry entries fixed: 97
 
  • #8
mirksdudi wrote:
Logfile of HijackThis v1.99.0
the current version is

Running processes:
C:\PROGRA~1\ezula\mmod.exe

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
End the mmod.exe process in Task Manager and delete the ezula folder in safe mode [F8]. Delete the entry under RUN in the registry.

O4 - HKLM\..\Run: [Explorer] C:\WINNT\system32\expIorer.exe
is not the ExpLorer; Windows Explorer is located in the directory C:\WINNT and is spelled with an L (=l), not an I (=i).
End the process in Task Manager and delete the file in safe mode. Delete the entry under RUN in the registry.

Finding autostart entries (RUN):

O4 - HKLM\..\Run: [Wuupdate] C:\WINNT\system32\smmss.exe

O4 - HKCU\..\RunOnce: [Web Offer] C:\WINNT\system32\smmss.exe
Here too, end the process, delete smmss.exe in safe mode, and delete the entries in the registry (RUN and RunOnce).

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
also belongs to eZula - same procedure here.
Also check under Control Panel - Add/Remove Programs whether you can uninstall Web Offer.

Good luck

pan_fee
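
The check described in the post above (an autostart entry whose file name imitates a Windows system binary, such as `expIorer.exe` with a capital I), as an added example that is not part of the original thread. It parses HijackThis `O4` lines and flags look-alike names; the reference list `KNOWN`, the look-alike table and the 0.85 similarity threshold are assumptions chosen for illustration, and the sample lines are the ones quoted in the post.

```python
import re
from difflib import SequenceMatcher

# Assumed reference list: system binaries and their normal directory on a
# C:\WINNT installation (as in the thread). Extend for real use.
KNOWN = {
    "explorer.exe": r"c:\winnt",
    "smss.exe": r"c:\winnt\system32",
    "svchost.exe": r"c:\winnt\system32",
}
# Characters often swapped for look-alikes: capital I / digit 1 for l, 0 for o.
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "0": "o"})
O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<path>.+)$")

def classify(path):
    """Return (verdict, system_name) for one autostart target path."""
    directory, _, filename = path.rpartition("\\")
    lower = filename.lower()
    if lower in KNOWN:  # exact name: only the location can be wrong
        ok = directory.lower() == KNOWN[lower]
        return ("ok" if ok else "wrong-directory"), lower
    skeleton = filename.translate(HOMOGLYPHS).lower()
    for real in KNOWN:  # same name once look-alike characters are undone
        if skeleton == real:
            return "homoglyph", real
    for real in KNOWN:  # one inserted/changed letter, e.g. a doubled character
        if SequenceMatcher(None, lower, real).ratio() >= 0.85:
            return "near-miss", real
    return "unknown", None

def scan(log_text):
    """Return the O4 entries whose target imitates a known system binary."""
    findings = []
    for line in log_text.splitlines():
        m = O4.match(line.strip())
        if m:
            verdict, real = classify(m["path"])
            if verdict not in ("ok", "unknown"):
                findings.append((m["hive"], m["name"], m["path"], verdict, real))
    return findings

# O4 lines as quoted in the post above.
SAMPLE = r"""
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKLM\..\Run: [Explorer] C:\WINNT\system32\expIorer.exe
O4 - HKLM\..\Run: [Wuupdate] C:\WINNT\system32\smmss.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINNT\system32\smmss.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Entries reported as `unknown` (here `mmod.exe` and `wo.exe`) are simply outside the reference list; the check only covers name imitation and says nothing about whether such entries are benign.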
 