Download link: http://www.hijackthis.nl/smeenk/110113/zoek.exe
zoek.exe
The software acts on the items in the rows you see in the screenshot and collects the data that matters to us.
After ticking the checkboxes relevant to the intended task, press the Run Script button. The report is saved to the desktop automatically. The system is also restarted automatically.
The software is safe, and it automatically creates a system restore point as a precaution against possible problems.
A sample report follows:
***********************************************************************************
Zoek.exe Version 4.0.0.2 Updated 31-03-2013
Tool run by xxxxxx on Thu 04/04/2013 at 15:54:48.82.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Installed Programs ======================
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Acrobat 9 Pro - English, Russian
Adobe Acrobat 9.4.0 - CPSID_83708
Adobe AIR
Adobe Dreamweaver CS6
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Media Player
Adobe Photoshop CS5
Adobe Widget Browser
ASUS AI Recovery
ASUS FaceLogon
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS PWR Option
ASUS Secure Delete
ASUS Smart Gesture
ASUS Tutor
ASUS USB Charger Plus
ASUS WebStorage
AsusVibe2.0
ATK Package
avast Free Antivirus
AX88772B Windows 7 Drivers
Bing Bar
Bluetooth Win7 Suite (64)
Camtasia Studio 7
Compl‚ment Messenger
Complemento Messenger
Control ActiveX de Windows Live Mesh para conexiones remotas
Contr“le ActiveX Windows Live Mesh pour connexions … distance
Controlo ActiveX do Windows Live Mesh para Liga‡oes Remotas
COWON Media Center - jetAudio Plus VX
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
FastStone Capture 6.7
FlashFXP v4.2
Fresco Logic USB3.0 Host Controller
Galeria de Fotografias do Windows Live
Galer¡a fotogr fica de Windows Live
Galerie de photos Windows Live
Google Chrome
Google Talk (remove only)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
InstantOn for NB
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Turbo Boost Technology Monitor 2.0
Internet Download Manager
Java 7 Update 15
Java Auto Updater
JavaFX 2.1.0
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Full)
LastPass(uninstall only)
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Messenger ????
Messenger ?????
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nuance PDF Reader
PDF Settings CS5
PowerWiz
Proxifier version 3.15
Qualcomm Atheros WiFi Driver Installation
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
SkypeT 6.2
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
UltraISO Premium V9.52
Unlocker 1.9.1-x64
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598289) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
VmciSockets
VMware Workstation
Windows Driver Package - ASUS (ATP) Mouse (07/24/2012 1.0.0.105)
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinFlash
Winrar 3.93
WinRAR archiver
Wireless Console 3
Yahoo Messenger
Yahoo Software Update
Yahoo Toolbar
==== Firefox Extensions ======================
ProfilePath: C:\Users\Hannan\AppData\Roaming\Mozilla\Firefox\Profiles\b7batkhv.default
- Undetermined - %ProfilePath%\extensions\959d67553c55621b310c32b0b6b64a5ebc09862e221f57b923e000324e4c0b3a_lp.key
- Undetermined - %ProfilePath%\extensions\959d67553c55621b310c32b0b6b64a5ebc09862e221f57b923e000324e4c0b3a_lp.key
- Xmarks - %ProfilePath%\extensions\foxmarks@kei.com
- LiveBlock Auction International Container Loader Plug-in - %ProfilePath%\extensions\npLaiLoader@liveblockauctions.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Flash Video Downloader - Youtube Downloader - %ProfilePath%\extensions\artur.dubovoy@gmail.com.xpi
- Add-on Compatibility Reporter - %ProfilePath%\extensions\compatibility@addons.mozilla.org.xpi
- Pocket - %ProfilePath%\extensions\isreaditlater@ideashower.com.xpi
- Lazarus: Form Recovery - %ProfilePath%\extensions\lazarus@interclue.com.xpi
- SEO Status PageRankAlexa Toolbar - %ProfilePath%\extensions\seostatus@rubyweb.xpi
- TinEye Reverse Image Search - %ProfilePath%\extensions\tineye@ideeinc.com.xpi
- Trnh Qun L Phin - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
- Internote - %ProfilePath%\extensions\{e3631030-7c02-11da-a72b-0800200c9a66}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Hannan\AppData\Roaming\Mozilla\Firefox\Profiles\b7batkhv.default
47299371607DC2FB234444EEACB1639E - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash
1B197A0ED28DB310AB67591567C3787A - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.150.3
E0FF893763BA82BAABB869A351F0C455 - C:\Users\Hannan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
24D5B7EABA53DDCB361C537A040B98A1 - C:\Users\Hannan\AppData\Roaming\Mozilla\Firefox\Profiles\b7batkhv.default\extensions\npLaiLoader@liveblockauctions.com\plugins\npLaiLoader.dll - LiveBlock Auctions International Container Loader plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hdokiejnpimakedhajhdlcegeplioahd - C:\Program Files (x86)\LastPass\lpchrome.crx[28/03/2013 10:58 PM]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07/03/2013 12:29 PM]
Changes to sync - Hannan - Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla
Session Manager - Hannan - Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi
Sexy Undo Close Tab - Hannan - Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg
New Tabs At End - Hannan - Default\Extensions\bgogjfbkjgjhonhikkkflpkgpcpfljoa
YouTube - Hannan - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Hannan - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Read Later Fast - Hannan - Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji
Session Buddy - Hannan - Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko
AdBlock - Hannan - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
TinEye Reverse Image Search - Hannan - Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl
LastPass - Hannan - Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Feedly - Your News RSS Google Reader - Hannan - Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob
Quick Note - Hannan - Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok
Postponer Manager - Hannan - Default\Extensions\mmfblgljgoaokhbcjnddgcnaielcpjeb
Postponer Adder - Hannan - Default\Extensions\pggmlienkcoenodbjpkbidlmmedgonai
Gmail - Hannan - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
PageRank - Hannan - Default\Extensions\pneoplpmnpjoioldpodoljacigkahohc
Changes to sync - Hannan - Profile 1\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla
Google Docs - Hannan - Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Hannan - Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
Session Manager - Hannan - Profile 1\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi
Sexy Undo Close Tab - Hannan - Profile 1\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg
New Tabs At End - Hannan - Profile 1\Extensions\bgogjfbkjgjhonhikkkflpkgpcpfljoa
YouTube - Hannan - Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Hannan - Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Read Later Fast - Hannan - Profile 1\Extensions\decdfngdidijkdjgbknlnepdljfaepji
Session Buddy - Hannan - Profile 1\Extensions\edacconmaakjimmfgnblocblbcdcpbko
AdBlock - Hannan - Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom
TinEye Reverse Image Search - Hannan - Profile 1\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl
LastPass - Hannan - Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Feedly - Your News RSS Google Reader - Hannan - Profile 1\Extensions\hipbfijinpcgfogaopmgehiegacbhmob
avast WebRep - Hannan - Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Quick Note - Hannan - Profile 1\Extensions\mijlebbfndhelmdpmllgcfadlkankhok
Postponer Manager - Hannan - Profile 1\Extensions\mmfblgljgoaokhbcjnddgcnaielcpjeb
Postponer Adder - Hannan - Profile 1\Extensions\pggmlienkcoenodbjpkbidlmmedgonai
Gmail - Hannan - Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
***********************************************************************************
Zoek.exe User Guide:
- Download Zoek.exe from here to your desktop.
- Turn off your active security software and close any files and folders open on the desktop.
- On Vista/Win7/Win8, right-click the program and choose Run as administrator.
- In the menu window that opens, type 1 and click OK.
- Tick the target checkboxes you were told to select.
- Press the Run Script button and wait, without touching anything, until it gives you a report.
- When it finishes, the software may restart the system.
- When it finishes, it automatically gives you a report of the run.
Note 1: It is not currently compatible with Win8.1.
I would like to give some information about the software's commands:
autoclean;
startupall;
Specifying entries of the following kind:
dhkplhfnhceodhffomolpfigojocbpcb;chr
gpicboiclhmnllnjdcfcffifpoaebgkm;chr
icgmakoalgoklohnlneheobfmkdlfkgi;chr
jcdgjdiieiljkfkdcloehkohchhpekkn;chr
gijllgkkonhcdgklhffbpgbllneeblnh;chr
ochbjojkpcmlfeagbaahkofepalngihg;chr
{043C5167-00BB-4324-AF7E-62013FAEDACF};c
----> Specifying exe files
C:\windows\SysWOW64\lnsecsl.exe;f
C:\Users\Lars\AppData\Local\Temp\lnsecsl.exe;f
C:\windows\TEMP\mrt814F.tmp\stdrt.exe;f
stdrt;a
lnsecsl;a
autoclean;
standardsearch;
filesrcm;
ielook;
firefoxlook;
chromelook;
installedprogs;
resetWMI;
emptyfolderscheck;delete
torpigcheck;
emptyclsid;
emptyalltemp;
-----> These reset the browsers to their default settings.
iedefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
-----> Services
UtilityChest_49Service;s
VideoDownloadConverter_4zService;s
Adobe Licensing Console;s
outobox;U ----> Folder
----> Numerically named folders
C:\ProgramData\2433f433;fp
C:\users\Henske\AppData\Roaming\2433f433;fp
C:\users\Henske\AppData\Local\2433f433;fp
-----> Specifying files and folders:
C:\Program Files\VideoDownloadConverter_4z;fs
C:\Program Files\UtilityChest_49;fs
C:\PROGRA~2\SEARCH~1;fs
C:\Users\Glenn\AppData\Roaming\Systweak;fs
C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\91h1uzr4.default\extensions\dealio@mybrowserbar.com;fs
C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\91h1uzr4.default\extensions\wtxpcom@mybrowserbar.com;fs
C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\91h1uzr4.default\extensions\50313609efefa@50313609eff33.info;fs
C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\91h1uzr4.default\extensions\plugin@yontoo.com;fs
C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\91h1uzr4.default\extensions\staged-xpis;fs
C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\91h1uzr4.default\extensions\vshare@toolbar;fs
C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\91h1uzr4.default\extensions\{cdf97ee2-ded0-4369-835e-99dd08225fa5};fs
C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\7be8h2yj.default\searchplugins\delta.xml;f
C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\7be8h2yj.default\searchplugins\babylon.xml;f
Specifying registry keys:
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ooVoo.exe];r64
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon];r
"Shell"=-;r
"AppInit_DLLs"=-;r
"VideoDownloadConverter Search Scope Monitor"=-;r
"VideoDownloadConverter_4z Browser Plugin Loader"=-;r
"Utility Chest Search Scope Monitor"=-;r
"UtilityChest_49 Browser Plugin Loader"=-;r
Removing a program that runs at startup from the startup entries:
From the report:
---------
mRun: [Advanced System Protector_startup] "c:\program files\advanced system protector\AdvancedSystemProtector.exe" autolaunch
"Advanced System Protector_startup"=C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe
The script is below:
-------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"Advanced System Protector_startup"=-;r
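A pre-run review helper for scripts in the syntax shown above, as an added example that is not part of the original post or of Zoek itself: it splits each line at its last `;`, groups entries by the suffixes this page labels, ties each `"name"=-` line to the key header above it, and lists the registry removals. It assumes `[-KEY]` follows the .reg convention for removing a whole key; the function names and the sample script are constructed for illustration.

```python
import re
from collections import namedtuple
Entry = namedtuple("Entry", "lineno kind target suffix key")

# Suffix -> group, using only the groupings this page labels; the rest is "other".
GROUPS = {"s": "service", "f": "file", "fs": "file-or-folder",
          "fp": "folder", "r": "registry", "r64": "registry"}

def parse_script(text):
    """Split each line at its last ';' and return (entries, problems)."""
    entries, problems, current_key = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        target, sep, suffix = line.rpartition(";")
        if not sep:
            problems.append((lineno, "missing ';'", line))
            continue
        kind, key = GROUPS.get(suffix, "other" if suffix else "command"), None
        if kind == "registry":
            header = re.fullmatch(r"\[(-?)(HKEY_[^\]]+)\]", target)
            value = re.fullmatch(r'"([^"]+)"=-', target)
            if header and header.group(1):   # [-KEY]: assumed .reg-style key removal
                kind, target, current_key = "registry-key-delete", header.group(2), None
            elif header:                     # [KEY]: value lines below belong to it
                kind, target, current_key = "registry-key", header.group(2), header.group(2)
            elif value and current_key:      # "name"=- removes that value (per the page)
                kind, target, key = "registry-value-delete", value.group(1), current_key
            else:
                problems.append((lineno, "registry line without a key header", line))
                continue
        entries.append(Entry(lineno, kind, target, suffix, key))
    return entries, problems

def registry_deletions(entries):
    """(key, value) pairs the script removes; value is None for a whole key."""
    return [(e.key or e.target, e.target if e.key else None) for e in entries
            if e.kind in ("registry-key-delete", "registry-value-delete")]

# Constructed sample built from lines on this page; the last line lacks its ';'.
SAMPLE = r'''autoclean;
UtilityChest_49Service;s
C:\ProgramData\2433f433;fp
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater];r64
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"Advanced System Protector_startup"=-;r
emptyfolderscheck;delete
C:\Program Files\UtilityChest_49
'''

if __name__ == "__main__":
    entries, problems = parse_script(SAMPLE)
    print(registry_deletions(entries), problems, sep="\n")
```

Reading the removal list and the problem list before pressing Run Script shows exactly which keys and values a script touches and catches lines that would not be read as intended.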
Note: This information will continue to be updated.
Hijackthis Team
Our new site: http://trmalwarefix.freeforums.net/
Have a good day.