ZHPDiag – Module O42 – Software installed

Module O42 of ZHPDiag lists all the software installed according to the registry, excluding Microsoft Windows updates and fixes.

Some malware programs are not listed by module O42, which relies on the software uninstall keys stored by the system. Adding a module that enumerates the system and user software keys makes it possible to detect these malware programs more effectively. This list appears only when module O42 is selected.

The search covers the following registry keys:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

Added the name of the software's owner, and inserted a new module, "HKCU & HKLM Software Keys", which lists the software keys. It searches the keys "HKCU\Software" and "HKLM\Software".

An additional search is made in the key "AppDataLow". The registry key "HKCU\Software\AppDataLow" is present on the Vista operating system. It is part of UAC (User Account Control) and corresponds to the user folder "\Users\{username}\AppData\LocalLow". The search also covers its subkeys, for example "Software".

Added the software key at the end of the line, and optimized deletion when the uninstall fails. Some software ships a faulty uninstaller so that only a partial uninstall is performed. This is the case, for example, of "Searchqu Toolbar", which is installed with Bandoo.

ZHPDiag overview

—\\ Software installed (O42)
O42 – Logiciel: Adobe Flash Player Plugin
O42 – Logiciel: Adobe Photoshop 7.0
O42 – Logiciel: Avira AntiVir Personal – Free Antivirus
O42 – Logiciel: CCleaner (Remove only)

—\\ Software installed (O42) v1.25.03
O42 – Logiciel: 32 Bit HP CIO Components install – (.Hewlett-Packard.)
O42 – Logiciel: 7-Zip 4.57 – (.No owner.) [HKLM]

—\\ HKCU & HKLM Software Keys v1.25.1346
[HKCU\Software\Adobe]
[HKLM\SOFTWARE\Bifrost]

—\\ HKCU & HKLM Software Keys v1.26.19
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\pdfforge]
[HKCU\Software\AppDataLow\pdfforge]

—\\ Software installed (O42) v1.26.43
O42 – Logiciel: Google Update Helper – (.Google Inc...) [HKLM] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 – Logiciel: Grisbi 0.5.9 – (.Grisbi.org.) [HKLM] — GRISBI

 

Examples of detection

—\\ Software installed (O42)
O42 – Logiciel: PQwick – (.PQwick.) [HKLM] — PQwick
O42 – Logiciel: AstiCon 0.2 – (.AstiCon.) [HKLM] — AstiCon 0.2
O42 – Logiciel: AstiCon 1.2.0.0 – (.AstiCon.) [HKLM] — AstiCon 1.2.0.0

—\\ Software installed (Other key)
HKLM\SOFTWARE\Wow6432Node\mtPlusdax
HKCU\SOFTWARE\mtPlusdax

ZHPFix action (Case No. 1)

O42 – Logiciel: {DataKey} – (…) [ {Hive} ]

{Key} : Registry key [{Hive}\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{Hive} : HKCU or HKLM
{DataKey} : The data of the value "DisplayName"
{SoftwareKey} : Key containing the value "DisplayName"
{Uninstall} : The data of the value "UninstallString"

1) The tool uninstalls the software by running the command {Uninstall}.
2) The tool deletes the key {SoftwareKey} if it is still present.

NB: If the value "UninstallString" is absent, the tool only removes the key {SoftwareKey}.
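As an added example (not ZHPFix's own code, and not from the page's author), the Python model below applies Case 1 to a dict standing in for the registry: it parses an O42 line in any of the report layouts shown in the overview, locates {SoftwareKey}, then performs steps 1 and 2 and the NB case. The function names, the dict layout, the lookup by "DisplayName" when the line prints no key, and the placeholder uninstall command are assumptions.

```python
import re

UNINSTALL = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
SEP = r"\s+[\u2013\u2014-]+\s+"  # dashes as printed on this page, or ASCII hyphens
O42 = re.compile(
    r"^O42" + SEP + r"Logiciel:\s*(?P<name>.+?)"
    r"(?:" + SEP + r"\(\.(?P<owner>.*?)\.\))?"
    r"(?:\s*\[(?P<hive>HKLM|HKCU)\](?:" + SEP + r"(?P<key>.+?))?)?\s*$")

def parse_o42(line):
    """Split an O42 line into name, owner, hive, key (absent fields are None)."""
    m = O42.match(line.strip())
    return m.groupdict() if m else None

def resolve_key(registry, entry):
    """Locate {SoftwareKey}: from the line if printed, else by DisplayName."""
    prefix = f'{entry["hive"]}\\{UNINSTALL}\\'
    if entry["key"]:
        return prefix + entry["key"]
    for path, values in registry.items():
        if path.startswith(prefix) and values.get("DisplayName") == entry["name"]:
            return path
    return None

def fix_case1(registry, line, run_uninstaller):
    """Apply Case 1 to a dict-based registry; return the actions taken, in order."""
    entry = parse_o42(line)
    if entry is None or entry["hive"] is None:
        raise ValueError("not an O42 line with a hive")
    path = resolve_key(registry, entry)
    if path not in registry:
        return []
    actions = []
    command = registry[path].get("UninstallString")
    if command:  # step 1: run the vendor's own uninstaller
        run_uninstaller(command, registry)
        actions.append(("run", command))
    if path in registry:  # step 2, and the NB case: remove what is left
        del registry[path]
        actions.append(("delete_key", path))
    return actions

# Constructed sample: the uninstaller runs but leaves its key behind.
LINE = ("O42 \u2013 Logiciel: Windows Searchqu Toolbar \u2013 "
        "(.Discordia Limited.) [HKLM] \u2014 Searchqu MediaBar")
SAMPLE_KEY = "HKLM\\" + UNINSTALL + "\\Searchqu MediaBar"
def demo():
    registry = {SAMPLE_KEY: {"UninstallString": "uninstall.exe (placeholder)"}}
    return fix_case1(registry, LINE, lambda command, reg: None), registry
```

The model compares key paths case-sensitively, which the real registry does not.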

ZHPFix action (Case No. 2)

[{Hive}\Software\{SubKey}\{SoftwareKey}]

{Key} : Registry key [{Hive}\Software\{SubKey}\{SoftwareKey}]
{Hive} : HKCU or HKLM
{SubKey} : The key concerned under {Key}
{SoftwareKey} : Software key corresponding to a key of {SubKey}, or of {Key} if {SubKey} is empty

1) The tool deletes the key {SoftwareKey}.

ZHPFix report (Example No. 1)

Lines entered (2) :
[HKCU\Software\PopCap]
[HKLM\Software\PopCap]

Report of ZHPFix v1.12.3118 by Nicolas Coolman, Update of the 07/07/2010

= Registry key =.
HKCU\Software\PopCap => Key deleted successfully
HKLM\Software\PopCap => Key deleted successfully

= Summary =.
2 : The registry key

ZHPFix report (Example No. 2)

Lines entered (2) :
O42 – Logiciel: Search Settings v1.2.3 – (.Spigot, Inc..) [HKLM]
O42 – Logiciel: DAEMON Tools Toolbar – (.DT Soft Ltd.) [HKLM]

Report of ZHPFix v1.12.3129 by Nicolas Coolman, Update of the 27/07/2010

= Software(s) ==========
O42 – Logiciel: Search Settings v1.2.3 – (.Spigot, Inc..) [HKLM] => Software successfully deleted
O42 – Logiciel: DAEMON Tools Toolbar – (.DT Soft Ltd.) [HKLM] => Software successfully deleted

= Summary =.
2 : Logiciel(s)

 

ZHPFix report (case of a faulty uninstaller)

O42 – Logiciel: Windows Searchqu Toolbar – (.Discordia Limited.) [HKLM] — Searchqu MediaBar

Report of ZHPFix 1.12.3207 by Nicolas Coolman, Update of the 06/10/2010

= Key(s) the registry =.
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu MediaBar] => Key deleted successfully

= Folder(s) ==========
C:\Program Files\Windows Searchqu Toolbar => Deleted and quarantined

= Software(s) ==========
O42 – Logiciel: Windows Searchqu Toolbar – (.Discordia Limited.) [HKLM] — Searchqu MediaBar => Software successfully deleted

= Summary =.
1 : Key(s) the registry
1 : Folder(s)
1 : Logiciel(s)

