ZHPDiag – Module O42 – installed software

The ZHPDiag O42 module list all the software installed in the Registry for excluding updates and Microsoft Windows hotfix.

Some malware programs are not listed in the O42 module that refers to software uninstallation keys stored by the system. L’ adding & rsquo; a module d & rsquo; enumerate the softwares system and user keys will allow more effectively track these malware programs. This list s & rsquo; only displayed with the selection of the module O42.

Search s & rsquo; performs on key following Registry for :
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]

Adding the name of the owner of the software and iInsertion a new module “HKCU & HKLM Software Keys” which allows the software to list the key. Search s”performs in key “HKCUSoftware” and “HKLMSoftware”.

Further research is done in the key “AppDataLow“. The registry key “HKCUSoftwareAppDataLow” has been present for the Vista operating system. It is precisely part of the & rsquo; UAC (User Account Control) and corresponds to the user folder “\Users{username}\AppDataLocalLow“. Research will also be done in sub-keys such as “Software“.

Adding the software key end of the line and optimizing the removal if faulty uninstallation. Some programs offer a failed un-installer to make a partial uninstallation. C”is the case for example “Searchqu Toolbar” which is installed with Bandoo.

Overview ZHPDiag

—\\ installed software (O42)
O42 – Software: Adobe Flash Player Plugin
O42 – Software: Adobe Photoshop 7.0
O42 – Software: Avira AntiVir Personal – Free Antivirus
O42 – Software: CCleaner (remove only)

—\\ installed software (O42) v1.25.03
O42 – Software: 32 Bit HP CIO Components Installer – (.Hewlett-Packard.)
O42 – Software: 7-Zip 4.57 – (.No owner.) [HKLM]

—\\ HKCU & HKLM Software Keys v1.25.1346
[HKCUSoftwareAdobe]
[HKLM SOFTWARE Bifrost]

—\\ HKCU & HKLM Software Keys v1.26.19
[HKCUSoftwareAppDataLowSoftwareMicrosoft]
[HKCUSoftwareAppDataLowSoftwarepdfforge]
[HKCUSoftwareAppDataLowpdfforge]

—\\ installed software (O42) v1.26.43
O42 – Software: Google Update Helper – (.Google Inc..) [HKLM] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 – Software: Grisbi 0.5.9 – (.grisbi.org.) [HKLM] — GRISBI

 

Examples of detection

—\\ installed software (O42)
O42 – Software: PQwick – (.PQwick.) [HKLM] — PQwick
O42 – Software: AstiCon 0.2 – (.AstiCon.) [HKLM] — AstiCon 0.2
O42 – Software: AstiCon 1.2.0.0 – (.AstiCon.) [HKLM] — AstiCon 1.2.0.0

—\\ installed software (other key)
HKLMSOFTWAREWow6432NodemtPlusdax
HKCUSOFTWAREmtPlusdax

Action ZHPFix (Cas No. 1)

O42 – Software: {DataKey} – (…) [ {Hive} ]

{Key} : Registry for Key [ {Hive} \SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
{Hive} : HKCU or HKLM
{DataKey} : Data Value “DisplayName
{SoftwareKey} : Key containing the value “DisplayName
{Uninstall} : Data Value ‘UninstallString“.

1) L & rsquo; tool uninstall the software by running the command {Uninstall}
2) The tool removes the key {SoftwareKey} if still present.

NB : If d & rsquo; absence value “UninstallString”, l & rsquo; tool removes only the key {SoftwareKey}

Action ZHPFix (Cas No. 2)

[ {Hive} \Software{SubKey}\ {SoftwareKey} ]

{Key} : Registry for Key [ {Hive} \Software{SubKey}\ {SoftwareKey} ]
{Hive} : HKCU or HKLM
{SubKey}: Souc-key {Key}
{SoftwareKey} : software key corresponding to a key {SubKey} or of {Key} (and {SubKey} is empty)

1) The tool removes the key {SoftwareKey}.

ZHPFix report (Example # 1)

lines entered (2) :
[HKCUSoftwarePopCap]
[HKLMSoftwarePopCap]

Report by Nicolas Coolman ZHPFix v1.12.3118, Update you 07/07/2010

========== ========== Key Registry
HKCUSoftwarePopCap => Key successfully deleted
HKLMSoftwarePopCap => Key successfully deleted

Summary ========== ==========
2 : Registry key

ZHPFix report (Example # 2)

lines entered (2) :
O42 – Software: Search Settings v1.2.3 – (.Spigot, Inc..) [HKLM]
O42 – Software: DAEMON Tools Toolbar – (.DT Soft Ltd.) [HKLM]

Report by Nicolas Coolman ZHPFix v1.12.3129, Update you 27/07/2010

Software ==========(s) ==========
O42 – Software: Search Settings v1.2.3 – (.Spigot, Inc..) [HKLM] => Software successfully removed
O42 – Software: DAEMON Tools Toolbar – (.DT Soft Ltd.) [HKLM] => Software successfully removed

Summary ========== ==========
2 : Software(s)

 

ZHPFix report (If d & rsquo; a faulty uninstaller)

O42 – Software: Windows Searchqu Toolbar – (.Discordia Limited.) [HKLM] — Searchqu MediaBar

ZHPFix Report 1.12.3207 by Nicolas Coolman, Update you 06/10/2010

========== Key(s) Registry ==========
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallSearchqu MediaBar] => Key successfully deleted

========== Dossier(s) ==========
C:\Program FilesWindows Searchqu Toolbar => Removed and quarantined

Software ==========(s) ==========
O42 – Software: Windows Searchqu Toolbar – (.Discordia Limited.) [HKLM] — Searchqu MediaBar => Software successfully removed

Summary ========== ==========
1 : Key(s) Registry
1 : Dossier(s)
1 : Software(s)

ZHPDiag – Module O42 – installed software
5 (100%) 3 vote[s]

Total views 1,056 (Today 1 )