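<#
.SYNOPSIS
    System audit for w-turn.lan workstations: looks for leftovers of a
    Norton/Symantec installation (driver file SvThANSP.sys, its service
    entry, Win32 services, installed programs, unsigned drivers, scheduled
    tasks, running processes) and writes a timestamped log to $env:TEMP.
.NOTES
    Read-only: the script only enumerates and reports. It never changes
    services, files or registry keys; the remediation steps it prints are
    left to the operator.
    The driver-signature listing (section 5) needs an elevated session and
    is skipped otherwise.
#>

$timestamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$LogFile = "$env:TEMP\WTurn-Audit-System-$timestamp.log"

# Service entry of the driver. A stale entry here with the .sys file gone is
# what typically raises the boot-time error this audit is chasing, and
# Get-Service does not list kernel-mode driver services, so it is read
# directly from the registry.
$SvThANSPServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SvThANSP'

# Installed-program sources. Win32_Product is deliberately NOT used: merely
# enumerating that WMI class makes Windows Installer re-validate (and may
# repair) every MSI package on the machine, which is slow and has side
# effects. The Uninstall keys hold the same DisplayName/Version/Publisher data.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Write-Log {
    <#
    .SYNOPSIS
        Appends a timestamped line to $LogFile and echoes it to the console.
    .PARAMETER Message
        Text to record; written verbatim after the "[yyyy-MM-dd HH:mm:ss]" prefix.
    #>
    param([string]$Message)
    $Entry = "[$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')] $Message"
    Add-Content -Path $LogFile -Value $Entry
    Write-Host $Entry
}

function Write-Section {
    <#
    .SYNOPSIS
        Prints a cyan section banner on the console and a "===== Title =====" marker in the log.
    .PARAMETER Title
        Section heading.
    #>
    param([string]$Title)
    Write-Host "`n================================================================" -ForegroundColor Cyan
    Write-Host "| $Title" -ForegroundColor Cyan
    Write-Host "================================================================" -ForegroundColor Cyan
    Write-Log "===== $Title ====="
}

try {
    Write-Host "`n================================================================" -ForegroundColor Cyan
    Write-Host "AUDIT SYSTEME - W-TURN.LAN" -ForegroundColor Cyan
    Write-Host "================================================================`n" -ForegroundColor Cyan

    Write-Log "===== DEBUT AUDIT SYSTEME ====="
    Write-Log "Computer: $env:COMPUTERNAME"
    Write-Log "User: $env:USERNAME"
    Write-Log "Domain: $env:USERDOMAIN"

    # Admin-rights check: sections that need elevation are gated on $isAdmin
    # instead of failing half-way through.
    $currentUser = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($currentUser)
    $isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    if (-not $isAdmin) {
        Write-Host "`nATTENTION: Script non execute en administrateur" -ForegroundColor Yellow
        Write-Host "Certaines informations seront limitees`n" -ForegroundColor Yellow
        Write-Log "ATTENTION: Pas de droits admin"
    } else {
        Write-Log "Admin: OK"
    }

    # Section 1: system information
    # Get-CimInstance replaces Get-WmiObject, which is absent from PowerShell 7+.
    Write-Section "INFORMATIONS SYSTEME"

    $OS = Get-CimInstance -ClassName Win32_OperatingSystem
    Write-Host "OS: $($OS.Caption)" -ForegroundColor White
    Write-Host "Version: $($OS.Version)" -ForegroundColor White
    Write-Host "Architecture: $($OS.OSArchitecture)" -ForegroundColor White
    Write-Host "Installation: $($OS.InstallDate)" -ForegroundColor White
    Write-Log "OS: $($OS.Caption)"
    Write-Log "Version: $($OS.Version)"
    Write-Log "Architecture: $($OS.OSArchitecture)"

    $Computer = Get-CimInstance -ClassName Win32_ComputerSystem
    Write-Host "Domaine: $($Computer.Domain)" -ForegroundColor White
    Write-Host "Membre du domaine: $($Computer.PartOfDomain)" -ForegroundColor White
    Write-Log "Domaine: $($Computer.Domain)"
    Write-Log "Membre du domaine: $($Computer.PartOfDomain)"

    # Section 2: the problematic SvThANSP.sys driver
    Write-Section "RECHERCHE PILOTE SvThANSP.sys"

    $driverFound = $false
    $driverPaths = @(
        "$env:SystemRoot\System32\drivers\SvThANSP.sys",
        "$env:SystemRoot\System32\DriverStore\FileRepository\*\SvThANSP.sys"
    )

    foreach ($path in $driverPaths) {
        $files = Get-ChildItem -Path $path -ErrorAction SilentlyContinue
        if (-not $files) { continue }

        $driverFound = $true
        foreach ($file in $files) {
            # Authenticode status and SHA-256 go into the log so the reader can
            # tell a genuine vendor-signed binary from an unsigned or tampered
            # file without having to fetch it.
            $sig = Get-AuthenticodeSignature -FilePath $file.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -Path $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

            Write-Host "TROUVE: $($file.FullName)" -ForegroundColor Yellow
            Write-Host "  Taille: $($file.Length) bytes" -ForegroundColor White
            Write-Host "  Date: $($file.LastWriteTime)" -ForegroundColor White
            Write-Host "  Signature: $($sig.Status) $($sig.SignerCertificate.Subject)" -ForegroundColor White
            Write-Host "  SHA256: $($hash.Hash)" -ForegroundColor White
            Write-Log "Pilote trouve: $($file.FullName)"
            Write-Log "Pilote signature: $($sig.Status) - SHA256: $($hash.Hash)"
        }
    }

    if (-not $driverFound) {
        Write-Host "Pilote SvThANSP.sys NON TROUVE sur le disque" -ForegroundColor Green
        Write-Log "Pilote SvThANSP.sys: NON TROUVE"
    }

    # Service lookup, Win32 services first ...
    $service = Get-Service | Where-Object { $_.Name -like "*SvTh*" -or $_.DisplayName -like "*SvTh*" }

    if ($service) {
        Write-Host "`nService trouve:" -ForegroundColor Yellow
        $service | ForEach-Object {
            Write-Host "  Nom: $($_.Name)" -ForegroundColor White
            Write-Host "  Affichage: $($_.DisplayName)" -ForegroundColor White
            Write-Host "  Statut: $($_.Status)" -ForegroundColor White
            Write-Host "  Demarrage: $($_.StartType)" -ForegroundColor White
            Write-Log "Service: $($_.Name) - Status: $($_.Status)"
        }
    } else {
        Write-Host "Aucun service SvTh* trouve" -ForegroundColor Green
        Write-Log "Service SvTh*: NON TROUVE"
    }

    # ... then the driver's own service key, which Get-Service cannot see.
    # Start=4 means disabled; ImagePath shows which file the entry still points at.
    $svcKey = Get-ItemProperty -Path $SvThANSPServiceKey -ErrorAction SilentlyContinue

    if ($svcKey) {
        Write-Host "`nEntree de service SvThANSP dans le registre:" -ForegroundColor Yellow
        Write-Host "  Cle: $SvThANSPServiceKey" -ForegroundColor White
        Write-Host "  ImagePath: $($svcKey.ImagePath)" -ForegroundColor White
        Write-Host "  Start: $($svcKey.Start)" -ForegroundColor White
        Write-Host "  Type: $($svcKey.Type)" -ForegroundColor White
        Write-Log "Cle de service SvThANSP: ImagePath=$($svcKey.ImagePath) Start=$($svcKey.Start) Type=$($svcKey.Type)"
    } else {
        Write-Host "Aucune entree de service SvThANSP dans le registre" -ForegroundColor Green
        Write-Log "Cle de service SvThANSP: NON TROUVEE"
    }

    # Section 3: Symantec/Norton services
    Write-Section "SERVICES SYMANTEC/NORTON"

    $symantecServices = Get-Service | Where-Object {
        $_.Name -like "*Symantec*" -or
        $_.Name -like "*Norton*" -or
        $_.DisplayName -like "*Symantec*" -or
        $_.DisplayName -like "*Norton*"
    }

    if ($symantecServices) {
        Write-Host "Services Symantec/Norton trouves:" -ForegroundColor Yellow
        $symantecServices | ForEach-Object {
            Write-Host "  [$($_.Status)] $($_.DisplayName) ($($_.Name))" -ForegroundColor White
            Write-Log "Service Symantec/Norton: $($_.Name) - Status: $($_.Status)"
        }
    } else {
        Write-Host "Aucun service Symantec/Norton trouve" -ForegroundColor Green
        Write-Log "Services Symantec/Norton: AUCUN"
    }

    # Section 4: installed Symantec/Norton programs (from the Uninstall keys,
    # see $UninstallKeys for why Win32_Product is avoided)
    Write-Section "PROGRAMMES SYMANTEC/NORTON INSTALLES"

    $programs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*Symantec*" -or $_.DisplayName -like "*Norton*" }

    if ($programs) {
        Write-Host "`nProgrammes trouves:" -ForegroundColor Yellow
        $programs | ForEach-Object {
            Write-Host "  Nom: $($_.DisplayName)" -ForegroundColor White
            Write-Host "  Version: $($_.DisplayVersion)" -ForegroundColor White
            Write-Host "  Editeur: $($_.Publisher)" -ForegroundColor White
            Write-Log "Programme: $($_.DisplayName) v$($_.DisplayVersion)"
        }
    } else {
        Write-Host "Aucun programme Symantec/Norton trouve" -ForegroundColor Green
        Write-Log "Programmes Symantec/Norton: AUCUN"
    }

    # Section 5: unsigned or vendor-matching drivers (needs elevation)
    Write-Section "PILOTES NON SIGNES OU SUSPECTS"

    if ($isAdmin) {
        Write-Host "Recherche des pilotes non signes..." -ForegroundColor Yellow
        $drivers = Get-WindowsDriver -Online -ErrorAction SilentlyContinue | Where-Object {
            $_.DriverSignature -ne "Signed" -or
            $_.ProviderName -like "*Symantec*" -or
            $_.ProviderName -like "*Norton*"
        }

        if ($drivers) {
            Write-Host "`nPilotes trouves:" -ForegroundColor Yellow
            $drivers | ForEach-Object {
                Write-Host "  Fichier: $($_.OriginalFileName)" -ForegroundColor White
                Write-Host "  Fournisseur: $($_.ProviderName)" -ForegroundColor White
                Write-Host "  Signature: $($_.DriverSignature)" -ForegroundColor White
                Write-Host "  Version: $($_.Version)" -ForegroundColor White
                Write-Log "Pilote: $($_.OriginalFileName) - Signature: $($_.DriverSignature)"
            }
        } else {
            Write-Host "Aucun pilote suspect trouve" -ForegroundColor Green
            Write-Log "Pilotes suspects: AUCUN"
        }
    } else {
        Write-Host "Droits admin requis pour cette section" -ForegroundColor Yellow
        Write-Log "Pilotes suspects: section ignoree (droits admin requis)"
    }

    # Section 6: Symantec/Norton scheduled tasks
    Write-Section "TACHES PLANIFIEES SYMANTEC/NORTON"

    $tasks = Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object {
        $_.TaskName -like "*Symantec*" -or
        $_.TaskName -like "*Norton*" -or
        $_.TaskPath -like "*Symantec*" -or
        $_.TaskPath -like "*Norton*"
    }

    if ($tasks) {
        Write-Host "Taches planifiees trouvees:" -ForegroundColor Yellow
        $tasks | ForEach-Object {
            Write-Host "  [$($_.State)] $($_.TaskName)" -ForegroundColor White
            Write-Host "    Chemin: $($_.TaskPath)" -ForegroundColor White
            Write-Log "Tache planifiee: $($_.TaskName) - State: $($_.State)"
        }
    } else {
        Write-Host "Aucune tache planifiee Symantec/Norton trouvee" -ForegroundColor Green
        Write-Log "Taches planifiees Symantec/Norton: AUCUNE"
    }

    # Section 7: running Symantec/Norton processes
    Write-Section "PROCESSUS SYMANTEC/NORTON EN COURS"

    $processes = Get-Process | Where-Object {
        $_.ProcessName -like "*Symantec*" -or
        $_.ProcessName -like "*Norton*" -or
        $_.ProcessName -like "*ccSvcHst*"
    }

    if ($processes) {
        Write-Host "Processus trouves:" -ForegroundColor Yellow
        $processes | ForEach-Object {
            Write-Host "  Nom: $($_.ProcessName)" -ForegroundColor White
            Write-Host "  PID: $($_.Id)" -ForegroundColor White
            Write-Host "  Memoire: $([math]::Round($_.WorkingSet64/1MB,2)) MB" -ForegroundColor White
            Write-Log "Processus: $($_.ProcessName) - PID: $($_.Id)"
        }
    } else {
        Write-Host "Aucun processus Symantec/Norton en cours" -ForegroundColor Green
        Write-Log "Processus Symantec/Norton: AUCUN"
    }

    # Section 8: recommendations. Any single finding above, including a stale
    # service key with no driver file, is enough to suggest the cleanup.
    Write-Section "RECOMMANDATIONS"

    $anyTrace = $driverFound -or $service -or $svcKey -or $symantecServices -or $programs -or $tasks -or $processes

    if ($anyTrace) {
        Write-Host "`nActions recommandees:" -ForegroundColor Yellow
        Write-Host "1. Desinstaller completement Norton/Symantec via Panneau de configuration" -ForegroundColor White
        Write-Host "2. Utiliser l'outil de suppression officiel Norton:" -ForegroundColor White
        Write-Host "   https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN" -ForegroundColor White
        Write-Host "3. Si le service SvThANSP existe encore, le desactiver:" -ForegroundColor White
        Write-Host "   sc.exe config SvThANSP start= disabled" -ForegroundColor Cyan
        Write-Host "4. Puis le supprimer:" -ForegroundColor White
        Write-Host "   sc.exe delete SvThANSP" -ForegroundColor Cyan
        Write-Host "5. Redemarrer le PC" -ForegroundColor White
        Write-Log "RECOMMANDATION: Desinstallation Norton/Symantec necessaire"
    } else {
        Write-Host "`nAucune trace de Norton/Symantec detectee!" -ForegroundColor Green
        Write-Host "Le message d'erreur peut provenir d'une installation precedente incomplete." -ForegroundColor Yellow
        Write-Host "`nPour supprimer definitivement l'erreur au demarrage:" -ForegroundColor White
        Write-Host "1. Verifier dans Observateur d'evenements (eventvwr.msc)" -ForegroundColor White
        Write-Host "2. Chercher 'SvThANSP' dans les erreurs systeme" -ForegroundColor White
        Write-Host "3. Nettoyer le registre avec l'outil Norton Remove and Reinstall" -ForegroundColor White
        Write-Log "RECOMMANDATION: Nettoyage registre avec outil Norton"
    }

    Write-Log "===== FIN AUDIT - SUCCES ====="

    Write-Host "`n================================================================" -ForegroundColor Green
    Write-Host "AUDIT TERMINE AVEC SUCCES" -ForegroundColor Green
    Write-Host "================================================================" -ForegroundColor Green
    Write-Host "`nFichier log cree:" -ForegroundColor Yellow
    Write-Host "$LogFile" -ForegroundColor Cyan
    Write-Host "`nEnvoyez ce fichier via:" -ForegroundColor Yellow
    Write-Host "https://super.boarder.w-turn.org/utilities/diagnostic.html" -ForegroundColor Cyan
    Write-Host "`n"
} catch {
    # Any unhandled error lands here; the stack trace goes to the log only so
    # the support team can see which section failed.
    $errmsg = $_.Exception.Message
    Write-Log "ERREUR GLOBALE: $errmsg"
    Write-Log "STACK: $($_.ScriptStackTrace)"
    Write-Host "`nERREUR:" -ForegroundColor Red
    Write-Host $errmsg -ForegroundColor Red
    Write-Host "`nLog: $LogFile" -ForegroundColor Yellow
}

Read-Host "Appuyez sur Entree pour quitter"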