The meaning of ZHPDiag options

Generally, analysis must be done with all options checked, but you may need to quickly do a particular search.

The ZHPDiag interface is not necessarily self-explanatory for newcomers, so I will try to relate each option to the corresponding module in the report.

The options interface consists of two category columns and a third column for browsers and other options.

The options module currently includes 50 categories, 8 browsers and 5 other special options.

The ZHPDiag report is composed of 4 groups: the header modules, the base modules, the optional modules and the report modules.

The header modules include general information such as the operating system, the RAM, the protections and the browsers. The base modules are the fixed structure of the report. The optional modules depend on the user's choices. The end modules provide specific information.

The column 1 interface (Categories) :

It includes 25 possible choices (Checkboxes) and lists the categories.

– « Navigators installed » : Lists the browsers installed on your computer. (Web Browser)
– « Windows Information » : Information on the identity of the operating system. (Windows Product Information (WPI))
– « Other Software » : Targets certain software that requires updating, system optimization software, and installed P2P sharing software.
– « Platform information » : Various information about the operating system and memory. (System Information)
– « System Disk Unit » : Details the storage units. (Back/Devices)
– « Protection software » : Lists the installed protection software. (System Protection)
– « Generic Processes » : Lists system files that are likely to be infected. (Specific search for generic files)
– « Processes launched » : Lists the processes launched. (Start process)
– « Internet Explorer Proxy (R5) » : Lists Internet Explorer proxy settings. (Internet Explorer, Proxy Management)
– « Internet Explorer (F2,F3) » : F2 – Lists some registry key values. (Changing a System value (MVS))
– « Internet Explorer (F2,F3) » : F3 – Lists some registry key values. (Changing a Win.ini value (MVW))
– « State of the Services (SR/SS) » : SR/SS – Lists the general state of services. (State General Services (EGS))
– « Context Menu (Mrt) » : O107 – Lists MRT files. (Microsoft Removal Tool)
– « ActiveSetup components (ASIC) » : Lists registry keys. (ActiveSetup Installed Components)
– « Packages installed (AppModel) » : Lists registry keys. (AppModel Repository)
– "Host File Analysis" : O1 – Lists the hosts file content to find redirections. (The Hosts file redirection)
– "Browser Helper Object (BHO)" : O2 – Lists the BHOs (Browser Helper Objects) of the Internet Explorer browser. (Browser Helper Objects in browser)
– "Navigator Toolbar" : O3 – Lists Internet Explorer toolbars. (Internet Explorer Toolbars)
– "Enumeration of Run Keys" : O4 – Applications started by the system. (Applications started automatically by the registry)
– "Global Startup" : O4 GS – Applications launched at system startup. (Global shortcuts Startup)
– "Winsock Analysis" : O10 – Concerns hijacking of the Winsock LSP. (Winsock hijacker (Layered Service Provider))
– "DNS Domains Analysis" : O17 – Lists DNS server settings. (Change address/domain DNS)
– "Additional Protocol" : O18 – Lists changes to the default protocols. (Additional protocols)
– "Winlogon and AppInit" : O20 – Lists files loaded via the registry value AppInit_DLLs. (AppInit_DLLs Registry value Autorun)
– "Winlogon and AppInit" : O20 – Lists the files in the Winlogon Notify subkeys. (Values of subkeys Winlogon Notify (Autorun))
– "Started Services" : O23 – Lists services started automatically. (List of non-Microsoft NT services that are not disabled)
– "Boot-started process" : O34 – Processes run through the Session Manager. (BootExecute (BE))

The column 2 interface (Categories) :

It includes 25 possible choices (Checkboxes) and lists the categories.

– "Image Key Analysis" : Lists Image Key registry keys.
– "Automatic Planned Task" : O38 – Lists tasks started with the system. (Automatic scheduled tasks (APT))
– "Software installed" : O42 – Lists installed software. (Software installed (FAR))
– "Software installed" : O42 – Lists Software registry keys. (HKCU & HKLM Software Keys)
– "Dossier Analysis" : O43 – Lists program files. (Content of the Program Files (CFD))
– "State of the Prefetcher" : O45 – Lists the latest Prefetcher files. (Latest files created by Windows Prefetcher)
– "Image File Execution (IFEO)" : O50 – Lists registry keys. (Image File Execution Options (IFEO))
– "Feature Control Keys" : O81 – Searches for IE infections that use the document compatibility mode. (Internet Feature Controls (IFC))
– "CLSID ShellExecuteHooks Keys" : O46 – Lists the operations and functions run when Windows Explorer starts. (ShellExecuteHooks (SEH))
– "MountPoint Keys" : O51 – Tracks infections coming from USB ports. (MountPoints2 Key Shell (MPSK))
– "MSconfig ShareTools" : O53 – Lists the values and data of the StartupReg key. (ShareTools MSconfig StartupReg (SMSR))
– "System Drivers" : O58 – Lists the system drivers. (List of System Drivers (SDL))
– "Last Recorded Files" : O61 – Lists the latest files created. (Latest files modified or created (LFC))
– "Shell Spawning Orders" : O67 – Lists certain file extensions. (File Association Shell Spawning (FASS))
– "Start Internet Menu" : O68 – Lists installed internet browsers. (Start Menu Internet (SMI))
– "Crack, Keygen" : O82 – Searches for crack or keygen files. (Crack & Keygen Files (CKF))
– "Svchost Service" : O83 – Lists the Windows SvcHost services. (Search for services that are started by Svchost (SSS))
– "Exceptions of the Firewall" : O87 – Lists some Windows Firewall applications. (Firewall Active Exception List (FirewallRules))
– "Product upgrades" : O90 – Lists the installed product codes. (Product Upgrade Codes)
– "Windows Install" : O93 – Lists MSI Windows Installer package files. (Windows install Scan)
– "Keys Tracing" : O100 – Lists harmful Tracing keys. (Search for Tracing registry keys)
– "ShellIconOverlay" : O106 – Lists ShellIconOverlayIdentifiers. (Search for key ShellIconOverlayIdentifiers)
– "StartupApproved Keys" : O35 – Lists the Startup Approved key. (Key Explorer)
– "SearchScopes Keys" : Lists SearchScopes keys.
– "Registry Tasks" : Lists the tasks of the Registry.
– "Additional Research" : O88 – Detections associated with the ZHPScan function. (Additional scan (ACE))

The column 3 interface (Browser) :

– « Comodo » : List browser items (Startup, Search, extension, etc.)
– « Edge Chromium » : List browser items (Startup, Search, extension, etc.)
– « Firefox » : List browser items (Startup, Search, extension, etc.)
– « Google » : List browser items (Startup, Search, extension, etc.)
– « Internet Explorer » : List browser items (Startup, Search, extension, etc.)
– « Opera » : List browser items (Startup, Search, extension, etc.)
– « Slimjet » : List browser items (Startup, Search, extension, etc.)
– « Vivaldi » : List browser items (Startup, Search, extension, etc.)

The column 3 interface (Other Option) :

– "Searching 30 days" : The search for recent files is limited to 30 days.
– "Don't filter Microsoft" : Filter some Microsoft lines.
– "Show the balance sheet" : At the end of the search, shows the balance sheet.
– "Serial Number" : Lists serial numbers of processes.
– "Show report" : At the end of the search, displays the report in the browser.