The value of ZHPDiag is composed of 4 groups: the header modules, the basic modules, the optional modules and the report modules.
The header modules include general information such as the operating system, the RAM, the protections and the browsers. The base modules form the fixed structure of the report. The optional modules depend on the user's choices. The end modules provide specific information.
O2 - Browser Helper Objects (BHO). This module searches for all installed Browser Helper Objects (BHO). A BHO is an application that adds features to the Web browser.
Features
- The search is done on the CLSID sub-keys of the Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
- The line is commented with the owner's name and the name of the file (.Google Inc. - GoogleToolbarNotifier.)
- In the absence of a startup and file, and therefore of an owner and description of the file, the mention "An orphan key" is displayed. Orphan keys usually come from uninstalling ...
R5 - Internet Explorer Proxy Management (IEPM). This module relates to Internet Explorer Proxy Management (IEPM). It identifies the Microsoft Internet Explorer proxy settings.
Features
- The search is done on the following Registry keys: [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings] [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
- For the following registry values: ProxyOverride ProxyServer ProxyProxy ProxyHttpHttp1.1 EnableHttp1-1 AutoConfigProxy
I. PROXY: THE REGISTRY KEY VALUES. Proxy management revolves mostly around 3 main registry values: "ProxyEnable", "ProxyServer" and "ProxyOverride".
- ProxyEnable: Authorizes or refuses the use of a proxy
- ProxyServer: Allows ...
The ADS streams (Alternate Data Stream). The NTFS file system, used by Microsoft, has a feature that is undocumented and unknown to many developers and directors. This feature is called Alternate Data Streams and allows data such as text, graphics or executable code to be stored in hidden files that are attached to a normal visible file. The main purpose of these streams was to enable support for the Macintosh Hierarchical File System (HFS) and thus allow a Windows NT-type system to be a file server for ...
ZHPDiag - Module O4 GS (Global Startup). The ZHPDiag module O4 GS (Global Startup) lists all the application shortcuts placed in certain Windows startup folders. Many malware programs place shortcuts in the folder "Windows-Start Menu-Programs". This is particularly the case for some superfluous software such as "Securitytool". Legitimate software can also place a shortcut in this folder; this is the case, for example, of Analog Clock by Opera Software. Although such a shortcut is not strictly speaking a "Global Startup" link, it is still useful to have a list of them in this module. Adding search to other user folders to ...