Matt @ MPCS Posted September 23, 2004 Share Posted September 23, 2004 (edited) Since the topic has been brought up in support, I decided to write a little script that catagorizes the items in your run (startup) keys on a report. It is catagorized based on the items listed here. It is no where near perfect but it is a start. I hope this proves useful.Note: You will need to download startuplist.ini from the link listed above, and place it in the scripts home directory. Here is the code:expandcollapse popupDim $i, $j, $end ; After Copying.. place this string back on a single line Dim $RegString = "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HKLM\Software\ Microsoft\Windows\CurrentVersion\RunOnce|HKLM\Software\Microsoft\Windows\ CurrentVersion\RunServices|HKCU\Software\Microsoft\Windows\CurrentVersion\ Run|HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" Dim $tmpArray Dim $tmpValue, $tmpIniRead Dim $Y, $N, $U, $X, $Q Dim $file $j = 0 $tmpArray = StringSplit( $RegString, "|" ) For $i = 1 to ($tmpArray[0] - 1) Do $j = $j + 1 $tmpValue = RegEnumVal( $tmpArray[$i], $j ) If @error = -1 Then msgbox(0, "", "End of: " & $tmpArray[$i]) $end = 1 Else $tmpIniRead = IniRead( "startuplist.ini", $tmpValue, "Confirmed", "?" ) Select Case $tmpIniRead = "Y"; Normally leave to run at startup If $Y <> "" Then $Y = $Y & "|" & $tmpValue Else $Y = $tmpValue EndIf Case $tmpIniRead = "N"; Not required If $N <> "" Then $N = $N & "|" & $tmpValue Else $N = $tmpValue EndIf Case $tmpIniRead = "U"; User determined If $U <> "" Then $U = $U & "|" & $tmpValue Else $U = $tmpValue EndIf Case $tmpIniRead = "X"; Definitly not required If $X <> "" Then $X = $X & "|" & $tmpValue Else $X = $tmpValue EndIf Case $tmpIniRead = "?"; Unknown If $Q <> "" Then $Q = $Q & "|" & $tmpValue Else $Q = $tmpValue EndIf EndSelect EndIf Until $end = 1 $j=0 Next $file = FileOpen( @DesktopDir & "\Startup.log", 1 ) $tmpArray = StringSplit( $Y, "|" ) FileWriteLine( $file, " Needed Processes " ) FileWriteLine( $file, "------------------" ) For $i = 1 to $tmpArray[0] FileWriteLine( $file, $tmpArray[$i] ) Next FileWriteLine( $file, "" ) $tmpArray = StringSplit( $N, "|" ) FileWriteLine( $file, " Not Needed Processes " ) FileWriteLine( $file, "----------------------" ) For $i = 1 to $tmpArray[0] FileWriteLine( $file, $tmpArray[$i] ) Next FileWriteLine( $file, "" ) $tmpArray = StringSplit( $U, "|" ) FileWriteLine( $file, " User Determined Processes " ) FileWriteLine( $file, "---------------------------" ) For $i = 1 to $tmpArray[0] FileWriteLine( $file, $tmpArray[$i] ) Next FileWriteLine( $file, "" ) $tmpArray = StringSplit( $X, "|" ) FileWriteLine( $file, " Dangerous Processes " ) FileWriteLine( $file, "---------------------" ) For $i = 1 to $tmpArray[0] FileWriteLine( $file, $tmpArray[$i] ) Next FileWriteLine( $file, "" ) $tmpArray = StringSplit( $Q, "|" ) FileWriteLine( $file, " Unknown Processes " ) FileWriteLine( $file, "-------------------" ) For $i = 1 to $tmpArray[0] FileWriteLine( $file, $tmpArray[$i] ) NextI haven't taken the time to clean it up yet and comment it but it works (at least it does for me). Thanks guys!*** Matt @ MPCS Edited September 23, 2004 by Matt @ MPCS Link to comment Share on other sites More sharing options...
t0ddie Posted September 23, 2004 Share Posted September 23, 2004 what link? i dont see a link Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you. Link to comment Share on other sites More sharing options...
Matt @ MPCS Posted September 23, 2004 Author Share Posted September 23, 2004 Look harder its there... Link to comment Share on other sites More sharing options...
emmanuel Posted September 23, 2004 Share Posted September 23, 2004 Look harder its there... <{POST_SNAPBACK}>that could be a handy tool for tracking down some of the less illusive spyware, thanks alot! Worked for me, without a hitch. "I'm not even supposed to be here today!" -Dante (Hicks) Link to comment Share on other sites More sharing options...
Matt @ MPCS Posted September 23, 2004 Author Share Posted September 23, 2004 Right now it only does exact text matches, but if AutoIt ever supports RegEx it could be a lot more useful. *** Matt @ MPCS Link to comment Share on other sites More sharing options...
t0ddie Posted September 23, 2004 Share Posted September 23, 2004 sweet. i dont even include startuplist.ini lists all the stuff that starts up matt, you do good work i am unworthy of this code, its much too good for me. thanks!!! sorry if i was being annoying.. your humble servant ~Todd Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now