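# ==============================================================================
# DIAGNOSE-SvThANSP.PS1 - DIAGNOSTIC APPROFONDI
# ==============================================================================
# Locates where a boot-time "SvThANSP.sys" error comes from by inspecting the
# places a generic cleaner (CCleaner) does not touch: the System event log,
# class filter drivers (UpperFilters/LowerFilters), ELAM entries, boot-start
# services, the PnP Enum tree, the DriverStore, oem*.inf files, SetupAPI logs
# and the driver packages listed by pnputil.
#
# The script is READ-ONLY: it reports and suggests, it never modifies anything.
# It needs an elevated session (HKLM\SYSTEM and the DriverStore are restricted)
# and writes a timestamped log to %TEMP%.
#
# NOTE(review): every check matches on the *name* "SvThANSP" / "Symantec".
# A hit proves that a reference exists, not that it is orphaned or malicious -
# a properly installed Symantec product matches the same patterns. Verify the
# driver's signature/publisher and take a restore point / registry export
# before running any of the removal commands suggested at the end.
# ==============================================================================
#Requires -Version 5.1
#Requires -RunAsAdministrator

$ErrorActionPreference = "Continue"
$logPath = "$env:TEMP\Diagnose-SvThANSP-$(Get-Date -Format 'yyyyMMdd-HHmmss').log"

# Built once as a value. In command-argument mode `Write-Host "="*80` is NOT a
# multiplication: the tokens are concatenated and the literal "=*80" is printed.
$separatorLine = "=" * 80

# Default location of the driver binary a boot-start service of this name
# would load; only used for an existence/signature check, never modified.
$driverBinary = Join-Path $env:SystemRoot "System32\drivers\SvThANSP.sys"

# Appends a timestamped line to the log file and echoes it to the console.
# $Color only affects the console output.
function Write-Log {
    param(
        [string]$Message,
        [string]$Color = "White"
    )
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    "[$timestamp] $Message" | Out-File -FilePath $logPath -Append -Encoding UTF8
    Write-Host $Message -ForegroundColor $Color
}

# Prints a section banner to the console and records it in the log.
function Write-Section {
    param([string]$Title)
    Write-Host "`n$separatorLine" -ForegroundColor Cyan
    Write-Host " $Title" -ForegroundColor Cyan
    Write-Host "$separatorLine" -ForegroundColor Cyan
    Write-Log "`n$separatorLine"
    Write-Log " $Title"
}

Clear-Host
Write-Host $separatorLine -ForegroundColor Cyan
Write-Host " DIAGNOSTIC APPROFONDI - SvThANSP.sys" -ForegroundColor White
Write-Host $separatorLine -ForegroundColor Cyan
Write-Host ""
Write-Log "=== DEBUT DIAGNOSTIC APPROFONDI ===" "Yellow"
Write-Log "Machine: $env:COMPUTERNAME"
Write-Log "Date: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"

# Global list of findings; the summary at the end keys its recommendations on
# the prefix of each entry ("Event ID", "UpperFilters", "Boot Driver", ...).
$foundIssues = @()

# Published names (oemN.inf) of third-party packages seen in pnputil output,
# so the final recommendation can name the real package instead of "oem.inf".
$oemPackages = @()

# --- Section 1: System event log (most direct evidence) -----------------------
Write-Section "ANALYSE JOURNAL EVENEMENTS SYSTEME"
Write-Host "Recherche erreurs SvThANSP dans les 7 derniers jours..." -ForegroundColor Yellow
try {
    # Get-WinEvent reports "no events found" as an error; that case is handled
    # by the else branch below, hence SilentlyContinue.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*SvThANSP*" -or $_.Message -like "*Symantec*" }

    if ($events) {
        Write-Host "`n[TROUVE] $(@($events).Count) evenement(s) lies a SvThANSP:" -ForegroundColor Yellow
        foreach ($event in $events | Select-Object -First 5) {
            # Message can be missing when provider metadata is absent; coerce
            # to string so Substring never runs on $null.
            $message = [string]$event.Message
            $preview = $message.Substring(0, [Math]::Min(200, $message.Length))
            Write-Host "`n  ID Evenement: $($event.Id)" -ForegroundColor White
            # Level 2 = Error in the Windows event schema.
            Write-Host "  Niveau: $($event.LevelDisplayName)" -ForegroundColor $(if ($event.Level -eq 2) { 'Red' } else { 'Yellow' })
            Write-Host "  Date: $($event.TimeCreated)" -ForegroundColor White
            Write-Host "  Source: $($event.ProviderName)" -ForegroundColor White
            Write-Host "  Message: $preview..." -ForegroundColor Gray
            Write-Log "EVENEMENT: ID=$($event.Id) Niveau=$($event.LevelDisplayName) Source=$($event.ProviderName)"
            Write-Log "  Message: $message"
            $foundIssues += "Event ID $($event.Id) - $($event.ProviderName)"
        }
    }
    else {
        Write-Host "[OK] Aucun evenement recent trouve" -ForegroundColor Green
        Write-Log "Evenements: AUCUN"
    }
}
catch {
    Write-Host "[WARN] Impossible de lire le journal: $($_.Exception.Message)" -ForegroundColor Yellow
}

# --- Section 2: class filter drivers (UpperFilters/LowerFilters) ---------------
Write-Section "FILTRES DE CLASSE (UpperFilters/LowerFilters)"
Write-Host "Analyse des filtres de pilotes..." -ForegroundColor Yellow

# A filter driver listed here is loaded for every device of the class, so a
# dangling entry produces a boot-time error even after the product is gone.
$classGuids = @(
    "{4d36e96c-e325-11ce-bfc1-08002be10318}",  # Net
    "{4d36e972-e325-11ce-bfc1-08002be10318}",  # Network Adapter
    "{4d36e973-e325-11ce-bfc1-08002be10318}",  # USB
    "{4d36e967-e325-11ce-bfc1-08002be10318}",  # Disk
    "{71a27cdd-812a-11d0-bec7-08002be2092f}"   # Volume
)

# Section-local flag: the global $foundIssues may already hold event-log hits,
# so its count cannot be used to decide whether *filters* were found.
$filterFound = $false
foreach ($guid in $classGuids) {
    $classKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\$guid"
    if (-not (Test-Path $classKey)) { continue }

    $upperFilters = (Get-ItemProperty -Path $classKey -Name "UpperFilters" -ErrorAction SilentlyContinue).UpperFilters
    $lowerFilters = (Get-ItemProperty -Path $classKey -Name "LowerFilters" -ErrorAction SilentlyContinue).LowerFilters
    $inUpper = $upperFilters -contains "SvThANSP"
    $inLower = $lowerFilters -contains "SvThANSP"
    if (-not ($inUpper -or $inLower)) { continue }

    $filterFound = $true
    Write-Host "`n[TROUVE] Reference SvThANSP dans $guid" -ForegroundColor Red
    if ($inUpper) {
        Write-Host "  UpperFilters: $($upperFilters -join ', ')" -ForegroundColor Yellow
        Write-Log "TROUVE UpperFilters SvThANSP dans $guid"
        $foundIssues += "UpperFilters dans $guid"
    }
    if ($inLower) {
        Write-Host "  LowerFilters: $($lowerFilters -join ', ')" -ForegroundColor Yellow
        Write-Log "TROUVE LowerFilters SvThANSP dans $guid"
        $foundIssues += "LowerFilters dans $guid"
    }
}
if (-not $filterFound) {
    Write-Host "[OK] Aucun filtre SvThANSP trouve" -ForegroundColor Green
}

# --- Section 3: ELAM (Early Launch Anti-Malware) ------------------------------
Write-Section "ELAM - EARLY LAUNCH ANTI-MALWARE"
Write-Host "Verification pilotes ELAM..." -ForegroundColor Yellow
$elamPath = "HKLM:\SYSTEM\CurrentControlSet\Control\EarlyLaunch"
if (Test-Path $elamPath) {
    $elamDrivers = Get-ChildItem -Path $elamPath -ErrorAction SilentlyContinue
    foreach ($driver in $elamDrivers) {
        if ($driver.PSChildName -like "*SvThANSP*" -or $driver.PSChildName -like "*Symantec*") {
            Write-Host "[TROUVE] Pilote ELAM: $($driver.PSChildName)" -ForegroundColor Red
            Write-Log "TROUVE ELAM: $($driver.PSChildName)"
            $foundIssues += "ELAM: $($driver.PSChildName)"
        }
    }
}

# --- Section 4: boot-start drivers (Start = 0) --------------------------------
Write-Section "BOOT START DRIVERS"
Write-Host "Recherche pilotes de demarrage..." -ForegroundColor Yellow
$bootDrivers = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\*" -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Start -eq 0 -and
        ($_.PSChildName -like "*SvThANSP*" -or $_.DisplayName -like "*Symantec*")
    }

if ($bootDrivers) {
    Write-Host "[TROUVE] Pilote(s) de demarrage:" -ForegroundColor Red
    foreach ($driver in $bootDrivers) {
        Write-Host "  Nom: $($driver.PSChildName)" -ForegroundColor Yellow
        Write-Host "  Type: Boot Start (0)" -ForegroundColor Yellow
        Write-Log "TROUVE Boot Driver: $($driver.PSChildName)"
        $foundIssues += "Boot Driver: $($driver.PSChildName)"

        # Report whether the binary the service points to still exists. A
        # service entry whose file is gone is a plausible source of a
        # boot-time load error (hedged: the log, not this check, is proof).
        $imagePath = [string]$driver.ImagePath
        if ($imagePath) {
            # Normalise the usual kernel-style prefixes ("\??\", "\SystemRoot\",
            # bare "System32\...") to a Win32 path; other forms are left as-is.
            $resolved = $imagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if ($resolved -notmatch '^[A-Za-z]:\\') { $resolved = Join-Path $env:SystemRoot $resolved }
            $state = if (Test-Path -LiteralPath $resolved) { "present" } else { "ABSENT" }
            Write-Host "  ImagePath: $imagePath ($state)" -ForegroundColor Yellow
            Write-Log "  ImagePath: $imagePath -> $resolved ($state)"
        }
    }
}
else {
    Write-Host "[OK] Aucun pilote de demarrage SvThANSP" -ForegroundColor Green
}

# Signature check on the driver binary, when it is still on disk: lets the
# operator tell a leftover of a legitimately signed product from something
# else before deciding to remove it.
if (Test-Path -LiteralPath $driverBinary) {
    $signature = Get-AuthenticodeSignature -LiteralPath $driverBinary -ErrorAction SilentlyContinue
    $signer = if ($signature.SignerCertificate) { $signature.SignerCertificate.Subject } else { "(aucun)" }
    Write-Host "  Fichier: $driverBinary" -ForegroundColor Yellow
    Write-Host "  Signature: $($signature.Status) - $signer" -ForegroundColor Yellow
    Write-Log "Fichier pilote: $driverBinary Signature=$($signature.Status) Signataire=$signer"
}

# --- Section 5: PnP device tree ------------------------------------------------
Write-Section "PNP - PLUG AND PLAY"
Write-Host "Analyse base PnP..." -ForegroundColor Yellow
$pnpPath = "HKLM:\SYSTEM\CurrentControlSet\Enum"
$pnpFound = $false
try {
    # -LiteralPath: device instance keys can contain characters that -Path
    # would treat as wildcards, which would silently skip or mis-resolve them.
    Get-ChildItem -Path $pnpPath -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $service = (Get-ItemProperty -LiteralPath $_.PSPath -Name "Service" -ErrorAction SilentlyContinue).Service
        if ($service -eq "SvThANSP") {
            Write-Host "[TROUVE] Device PnP avec service SvThANSP:" -ForegroundColor Red
            Write-Host "  $($_.PSPath)" -ForegroundColor Yellow
            Write-Log "TROUVE PnP: $($_.PSPath)"
            $foundIssues += "PnP Device: $($_.PSPath)"
            $pnpFound = $true
        }
    }
}
catch {
    Write-Host "[INFO] Analyse PnP limitee (normal)" -ForegroundColor Gray
}
if (-not $pnpFound) {
    Write-Host "[OK] Aucun peripherique PnP lie a SvThANSP" -ForegroundColor Green
}

# --- Section 6: DriverStore ----------------------------------------------------
Write-Section "DRIVERSTORE"
Write-Host "Analyse DriverStore..." -ForegroundColor Yellow
$driverStorePath = "$env:SystemRoot\System32\DriverStore\FileRepository"
if (Test-Path $driverStorePath) {
    $found = Get-ChildItem -Path $driverStorePath -Recurse -Filter "*SvThANSP*" -ErrorAction SilentlyContinue
    if ($found) {
        Write-Host "[TROUVE] Fichiers dans DriverStore:" -ForegroundColor Red
        foreach ($file in $found) {
            Write-Host "  $($file.FullName)" -ForegroundColor Yellow
            Write-Log "TROUVE DriverStore: $($file.FullName)"
            $foundIssues += "DriverStore: $($file.Name)"
        }
    }
    else {
        Write-Host "[OK] Aucun fichier SvThANSP dans DriverStore" -ForegroundColor Green
    }
}

# --- Section 7: installed third-party INF files --------------------------------
Write-Section "INF CACHE"
Write-Host "Verification cache INF..." -ForegroundColor Yellow
$infPath = "$env:SystemRoot\INF"
$infFiles = Get-ChildItem -Path $infPath -Filter "oem*.inf" -ErrorAction SilentlyContinue
foreach ($inf in $infFiles) {
    # -Quiet stops at the first match instead of reading every line.
    $hit = Select-String -LiteralPath $inf.FullName -Pattern "SvThANSP|Symantec" -Quiet -ErrorAction SilentlyContinue
    if ($hit) {
        Write-Host "[TROUVE] Reference dans $($inf.Name)" -ForegroundColor Red
        Write-Log "TROUVE INF: $($inf.FullName)"
        $foundIssues += "INF: $($inf.Name)"
        $oemPackages += $inf.Name
    }
}

# --- Section 8: SetupAPI logs --------------------------------------------------
Write-Section "SETUPAPI LOGS"
Write-Host "Analyse logs d'installation..." -ForegroundColor Yellow
$setupLogs = @(
    "$env:SystemRoot\INF\setupapi.dev.log",
    "$env:SystemRoot\INF\setupapi.app.log"
)
foreach ($logFile in $setupLogs) {
    if (-not (Test-Path $logFile)) { continue }

    # @() keeps a single match an array; otherwise $recentLines[-1] would index
    # a string and return a char, whose .Length is $null.
    $recentLines = @(Get-Content $logFile -Tail 500 -ErrorAction SilentlyContinue |
        Where-Object { $_ -like "*SvThANSP*" })
    if ($recentLines.Count -gt 0) {
        $lastLine = $recentLines[-1]
        $excerpt = $lastLine.Substring(0, [Math]::Min(80, $lastLine.Length))
        Write-Host "[INFO] References dans $(Split-Path $logFile -Leaf):" -ForegroundColor Yellow
        Write-Host "  $($recentLines.Count) lignes trouvees (derniere: $excerpt)" -ForegroundColor Gray
        Write-Log "SetupAPI log: $($recentLines.Count) references"
    }
}

# --- Section 9: pnputil driver packages ----------------------------------------
Write-Section "PNPUTIL - PILOTES TIERS"
Write-Host "Liste des pilotes tiers installes..." -ForegroundColor Yellow
try {
    $pnpUtil = & pnputil /enum-drivers 2>&1
    $svthLines = $pnpUtil | Select-String -Pattern "SvThANSP|Symantec" -Context 2, 2
    if ($svthLines) {
        Write-Host "[TROUVE] Pilote reference par PnPUtil:" -ForegroundColor Red
        $svthLines | ForEach-Object {
            Write-Host $_.Line -ForegroundColor Yellow
            Write-Log "PnPUtil: $($_.Line)"
            # Pull the published name (oemN.inf) out of the matched line and its
            # context so the recommendation can name the actual package. The
            # label text is localized; the oemN.inf token is not.
            $nearby = @($_.Context.PreContext) + @($_.Line) + @($_.Context.PostContext)
            foreach ($text in $nearby) {
                if ($text -match '(?i)\boem\d+\.inf\b') { $oemPackages += $Matches[0] }
            }
        }
        $foundIssues += "PnPUtil: Package tiers present"
    }
    else {
        Write-Host "[OK] Aucun package pilote SvThANSP" -ForegroundColor Green
    }
}
catch {
    Write-Host "[WARN] Impossible d'executer pnputil" -ForegroundColor Yellow
}

# --- Section 10: results and recommendations -----------------------------------
Write-Section "DIAGNOSTIC - RESULTATS"
if ($foundIssues.Count -gt 0) {
    Write-Host "`n[RESULTAT] $($foundIssues.Count) probleme(s) detecte(s):" -ForegroundColor Red
    Write-Host ""
    for ($i = 0; $i -lt $foundIssues.Count; $i++) {
        Write-Host "  $($i + 1). $($foundIssues[$i])" -ForegroundColor Yellow
    }
    Write-Log "`nPROBLEMES DETECTES: $($foundIssues.Count)"

    Write-Host "`n$separatorLine" -ForegroundColor Cyan
    Write-Host " SOLUTION RECOMMANDEE" -ForegroundColor White
    Write-Host $separatorLine -ForegroundColor Cyan
    Write-Host ""

    # The suggested commands delete registry state and driver packages; they
    # are printed, never executed. Name matches alone do not establish that
    # the driver is orphaned, so the operator is told to verify first.
    Write-Host "[ATTENTION] Avant toute suppression: verifier la signature du pilote (Get-AuthenticodeSignature)," -ForegroundColor Magenta
    Write-Host "            exporter la cle de registre concernee et creer un point de restauration." -ForegroundColor Magenta
    Write-Host ""

    # -like on an array yields the matching elements; non-empty means "found".
    if ($foundIssues -like "*UpperFilters*" -or $foundIssues -like "*LowerFilters*") {
        Write-Host "[SOLUTION] Nettoyer les filtres de classe avec Clean-SvThANSP.ps1" -ForegroundColor Cyan
    }
    if ($foundIssues -like "*PnPUtil*" -or $foundIssues -like "*DriverStore*") {
        Write-Host "[SOLUTION] Supprimer le package pilote:" -ForegroundColor Cyan
        $packages = @($oemPackages | Sort-Object -Unique)
        if ($packages.Count -gt 0) {
            foreach ($package in $packages) {
                Write-Host "  pnputil /delete-driver $package /uninstall /force" -ForegroundColor Gray
            }
        }
        else {
            # No published name recovered: leave the placeholder so the
            # operator looks it up in "pnputil /enum-drivers" rather than
            # deleting a guessed package.
            Write-Host "  pnputil /delete-driver oem.inf /uninstall /force" -ForegroundColor Gray
            Write-Host "  (remplacer oem.inf par le 'Published Name' affiche par pnputil /enum-drivers)" -ForegroundColor Gray
        }
    }
    if ($foundIssues -like "*Boot Driver*") {
        Write-Host "[SOLUTION] Desactiver le service de demarrage:" -ForegroundColor Cyan
        Write-Host "  sc.exe config SvThANSP start= disabled" -ForegroundColor Gray
        Write-Host "  sc.exe delete SvThANSP" -ForegroundColor Gray
    }
    if ($foundIssues -like "*ELAM*") {
        # ELAM entries are consulted before any other driver loads; a wrong
        # edit here is a boot-time problem, hence the dedicated clean script.
        Write-Host "[SOLUTION] Supprimer le pilote ELAM du registre (Clean-SvThANSP.ps1)" -ForegroundColor Cyan
    }
    if ($foundIssues -like "*Event*") {
        Write-Host "[INFO] Verifier les details de l'evenement dans le log" -ForegroundColor Cyan
    }
}
else {
    Write-Host "`n[SURPRENANT] Aucun probleme detecte !" -ForegroundColor Yellow
    Write-Host ""
    Write-Host "Deux possibilites:" -ForegroundColor White
    Write-Host "1. L'erreur a ete resolue (verifier au prochain demarrage)" -ForegroundColor Gray
    Write-Host "2. L'erreur provient d'un autre composant qui reference SvThANSP" -ForegroundColor Gray
    Write-Host ""
    Write-Host "Recommandations:" -ForegroundColor Cyan
    Write-Host "  - Executer: sfc /scannow" -ForegroundColor Gray
    Write-Host "  - Executer: DISM /Online /Cleanup-Image /RestoreHealth" -ForegroundColor Gray
    Write-Log "RESULTAT: Aucun probleme detecte - Recommande SFC/DISM"
}

Write-Log "`n=== FIN DIAGNOSTIC ==="
Write-Host "`n$separatorLine" -ForegroundColor Cyan
Write-Host "Log sauvegarde: $logPath" -ForegroundColor Yellow
Write-Host $separatorLine -ForegroundColor Cyan
Write-Host ""
Write-Host "Appuyez sur une touche pour fermer..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")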