InstaFinder_inst245.exe trojaner

[spun]

hallo nikita

und schon wider hab ich ein problem!!

also ich hab mir nen Screen Saver runter geladen und als ich den instaliren wolte is mein kaspersky auf gegangen und hatt nen virus gemeldet einen hat er löschen können und den andern nicht den er nicht löschen konnte heist ( InstaFinder_inst245.exe ) also ich hab die instalazion gleich abgebrochen aber als ich dan bei software rein geschaut hab waren da 4 oder 5 ferschidene sachen instalirt die ich gar nicht kenn also hab ich sie mal gleich deinstalirt. dan hab ich im abgesicherten modus kaspersky laufen lasen aber das hatt nichts gebracht!! jezt hab ich ad-aware laufen lasen und hir is das log:


Ad-Aware SE Build 1.05
Logfile Created on:Montag, 18. April 2005 04:18:01
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
EzuLa(TAC index:6):27 total references
MRU List(TAC index:0):13 total references
Other(TAC index:5):1 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


18.04.2005 04:18:01 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\alex\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1844823847-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1844823847-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1844823847-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1844823847-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1844823847-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1844823847-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1844823847-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1844823847-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1844823847-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 600
ThreadCreationTime : 18.04.2005 02:16:08
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 672
ThreadCreationTime : 18.04.2005 02:16:10
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 18.04.2005 02:16:10
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 18.04.2005 02:16:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 18.04.2005 02:16:10
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 928
ThreadCreationTime : 18.04.2005 02:16:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [winstylerthemesvc.exe]
FilePath : C:\Programme\TuneUp Utilities 2004\
ProcessID : 940
ThreadCreationTime : 18.04.2005 02:16:10
BasePriority : Normal
FileVersion : 1.0.0.107
ProductVersion : 4.0.0.0
ProductName : TuneUp Utilities
CompanyName : TuneUp Software GmbH
FileDescription : TuneUp WinStyler Theme Service
LegalCopyright : © 2000-2004 TuneUp Software GmbH

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1076
ThreadCreationTime : 18.04.2005 02:16:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1224
ThreadCreationTime : 18.04.2005 02:16:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1276
ThreadCreationTime : 18.04.2005 02:16:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1420
ThreadCreationTime : 18.04.2005 02:16:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1716
ThreadCreationTime : 18.04.2005 02:16:15
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:13 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1888
ThreadCreationTime : 18.04.2005 02:16:16
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:14 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1920
ThreadCreationTime : 18.04.2005 02:16:16
BasePriority : Normal
FileVersion : 5.1.0.34
ProductVersion : 5.1.0.34
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:15 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 280
ThreadCreationTime : 18.04.2005 02:16:23
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [tcpsvcs.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 344
ThreadCreationTime : 18.04.2005 02:16:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE

#:17 [teamspeak.exe]
FilePath : C:\Programme\Teamspeak2_RC2\
ProcessID : 2016
ThreadCreationTime : 18.04.2005 02:16:36
BasePriority : Normal
FileVersion : 2.0.32.60
ProductVersion : 2.0.32.60
ProductName : TeamSpeak 2 Client
CompanyName : Dominating Bytes Design
FileDescription : The TeamSpeak 2 client
InternalName : TeamSpeak.exe
LegalCopyright : (c) 2002-2003 Dominating Bytes Design
OriginalFilename : TeamSpeak.exe

#:18 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 1708
ThreadCreationTime : 18.04.2005 02:16:55
BasePriority : Normal


#:19 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1512
ThreadCreationTime : 18.04.2005 02:17:51
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulabootexe.installctrl.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulabootexe.installctrl.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulabootexe.installctrl

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulabootexe.installctrl
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}
Value : AppID

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c0335197-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{c0335197-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulabootexe.installctrl.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulabootexe.installctrl.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulabootexe.installctrl

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulabootexe.installctrl
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}
Value : AppID

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{c0335198-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{c0335198-6755-11d4-8a73-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\ezulabootexe.exe

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\ezulabootexe.exe
Value : AppID

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "eZstub"
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1844823847-725345543-1003\software\microsoft\windows\currentversion\runonce
Value : eZstub

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 36


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@trafficmp[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:alex@trafficmp.com/
Expires : 18.04.2006 03:57:28
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 37



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : File
Data : A0065755.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{8A8F5105-CF59-416F-B2D4-5055B8718281}\RP28\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 38




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\iNetPal

EzuLa Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\iLookup

EzuLa Object Recognized!
Type : File
Data : ezstub.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 3, 0, 70, 11
ProductVersion : 1, 0, 0, 1
ProductName : eZstub Module
CompanyName : WebDevWOInt
FileDescription : eZstub Module
InternalName : eZstub
LegalCopyright : Copyright 2000
OriginalFilename : eZstub.EXE


Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 42

04:21:32 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:30.375
Objects scanned:73128
Objects identified:29
Objects ignored:0
New critical objects:29


--------------------------------------------------------------------


hir das hijackthis log:



Logfile of HijackThis v1.99.1
Scan saved at 04:30:47, on 18.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Dokumente und Einstellungen\alex\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\RunOnce: [eZstub] Command /c del C:\WINDOWS\System32\eZstub.exe
O4 - HKCU\..\RunOnce: [Web Offer] Command /c del C:\WINDOWS\System32\EZPOPS~1.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

[miezmutz]

Hallo spun,
scheinbar bist du übersehen worden...
melde dich doch bitte mal, ob dein Problem noch besteht...

[Nikita]

Start-->Ausfuehren-->Regedit:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\web offer <--loeschen

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\eZstub <--loeschen

Fixe mit dem HijackThis:

O4 - HKCU\..\RunOnce: [eZstub] Command /c del C:\WINDOWS\System32\eZstub.exe
O4 - HKCU\..\RunOnce: [Web Offer] Command /c del C:\WINDOWS\System32\EZPOPS~1.EXE

neustarten

Deinstallieren: web offer+eZstub(ezula)
"Start -> Einstellungen -> Systemsteuerung -> Software"

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <--anhaken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\System32\InstaFinder_inst.exe
C:\WINDOWS\System32\InstaFinder_inst245.exe

C:\Program Files\web offer\apev.exe
C:\WINDOWS\System32\ezpopstub.exe
C:\Program Files\web offer\chpon.dll
C:\Program Files\web offer\eapbh.dll
C:\Program Files\web offer\apev.exe
C:\Program Files\web offer\chpon.dll
C:\Program Files\web offer\eapbh.dll
C:\Program Files\web offer\sepng.dll
C:\Program Files\web offer\unwise.exe
C:\Program Files\web offer\wo.exe

C:\WINDOWS\system32\amtxprxy.dll
C:\WINDOWS\system32\araamon.dll
C:\WINDOWS\system32\auaamon.dll
C:\WINDOWS\system32\aud.dll
C:\WINDOWS\system32\book.dll
C:\WINDOWS\system32\cdcore.dll
C:\WINDOWS\system32\cdrules.dll
C:\WINDOWS\system32\cdsync.dll
C:\WINDOWS\system32\coreak.dll
C:\WINDOWS\system32\mmview_ouch.dll
C:\WINDOWS\system32\msrev23.dll
C:\WINDOWS\system32\msrev43.dll
C:\WINDOWS\system32\rulesak.dll
C:\WINDOWS\system32\sicon.dll
C:\WINDOWS\system32\ss.dll
C:\WINDOWS\system32\sysfile.dll
C:\WINDOWS\system32\thin.dll
C:\WINDOWS\system32\updak.dll

C:\WINDOWS\iNetPal
C:\WINDOWS\iLookup

C:\Program Files\ezula\images
C:\WINDOWS\System32\ezstub.exe
C:\WINDOWS\iconz.exe
C:\WINDOWS\preinsln.exe
C:\WINDOWS\ezstub.exe
c:\ezstub.exe
C:\WINDOWS\System32\ezulaboot.exe

neustarten

C:\Program Files\web offer\<--loeschen
C:\WINDOWS\iNetPal <--loeschen
C:\WINDOWS\iLookup <--loeschen
C:\Program Files\ezula\<--loeschen

•Online-Scann (Panda)
http://www.pandasoftware.com/activescan ... ncipal.htm
(berichte vom Scann)

[spun]

also erstamal danke für deine hilfe

und bei dem scan is nichts rausgekommen hatt nichts angezeigt



und ich bedanke mich noch ma für deine hilfe