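; Forum post by sak, April 24, 2011 (edited).
; "My Script design: For checked virus process at Run in registry."
;
; RegVirScan lists every value name and value data stored under the current
; user's Run key, shows them in a read-only edit box and appends the listing
; to RegVirScan.log on the desktop.
;
; Scope caveats for anyone using this for triage:
;   * It only enumerates entries; it does not decide whether an entry is malicious.
;     Each listed command line still has to be reviewed by a person.
;   * Only HKEY_CURRENT_USER\...\Run is read. Other autostart locations
;     (for example the HKEY_LOCAL_MACHINE Run key, the RunOnce keys, the Startup
;     folder, services and scheduled tasks) are not covered, so an empty listing
;     does not mean that nothing starts automatically.
#AutoIt3Wrapper_au3check_parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#NoTrayIcon
#include <GuiEdit.au3>
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#Include <File.au3>

Opt("MustDeclareVars", 1)

Global $hForm, $hEdit, $Button1, $Button2, $title = 'RegVirScan [Hkey Run]'
Global $nMsg, $i, $REV, $RR, $Button3, $PID, $starttitle = 'Scanning...', $endtitle = 'Scan completed.'
Global $titlemessage = 'Scanning Again. Open log. See message file.log on the desktop.'
Global $iconfile = @ScriptDir & '\scan.ico', $readreg, $Button_clear
; Both globals name the same key: one is used for enumeration, one for reading.
Global $hkeynum = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
Global $hkeyread = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
Global $chklog = 'Can not found File.log'

Main()

; Builds the window and runs the message loop.
;   Scan     - enumerates the Run key into the edit box and appends the result to the log.
;   Open log - opens the log with its associated program, or reports that it is missing.
;   Clear    - empties the edit box.
; Returns nothing; the script ends when the window is closed.
Func Main()
    Local Const $sLogFile = @DesktopDir & "\RegVirScan.log"
    Local $iErr

    $hForm = GUICreate($title, 510, 314, -1, -1)
    GUISetIcon($iconfile, -1, $hForm)
    $hEdit = GUICtrlCreateEdit("", 8, 8, 493, 257)
    $Button1 = GUICtrlCreateButton("Scan", 16, 280, 75, 25, $WS_GROUP)
    GUICtrlSetCursor(-1, 0)
    $Button2 = GUICtrlCreateButton("Open log", 405, 280, 75, 25, $WS_GROUP)
    GUICtrlSetCursor(-1, 0)
    $Button_clear = GUICtrlCreateButton("Clear", 320, 280, 75, 25, $WS_GROUP)
    GUICtrlSetCursor(-1, 0)
    GUICtrlCreateLabel("Design by:sak20102005", 150, 283, 118, 17)
    GUICtrlSetState(-1, $GUI_DISABLE)
    GUISetState(@SW_SHOW)
    _GUICtrlEdit_SetReadOnly($hEdit, True)

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                ; The window is addressed through its handle. Matching by title text
                ; could also hit an unrelated window whose title starts the same way.
                If WinGetTitle($hForm) = $titlemessage Then
                    ; Fade out after at least one completed scan.
                    For $x = 255 To 0 Step -1
                        WinSetTrans($hForm, "", $x)
                        ; NOTE(review): Sleep() takes milliseconds; confirm how a fractional value is handled.
                        Sleep(0.9)
                    Next
                    Exit
                Else
                    ExitLoop
                EndIf

            Case $Button1
                ; The original closed any running notepad.exe here. That can destroy
                ; unsaved work in unrelated Notepad windows and is not needed to
                ; append to the log, so it has been removed.
                WinSetTitle($hForm, "", $starttitle)
                _GUICtrlEdit_SetText($hEdit, '')

                $i = 1
                While 1
                    $REV = RegEnumVal($hkeynum, $i)
                    $iErr = @error
                    If $iErr Then
                        ; -1 means the index is past the last value (normal end of list).
                        ; Anything else means the key could not be opened, which must not
                        ; be shown as "no entries".
                        If $iErr <> -1 Then _GUICtrlEdit_AppendText($hEdit, @CRLF & 'Could not enumerate ' & $hkeynum & ' (RegEnumVal @error=' & $iErr & ')' & @CRLF)
                        ExitLoop
                    EndIf

                    $RR = RegRead($hkeyread, $REV)
                    $iErr = @error
                    ; An unreadable value is still listed by name, so one odd entry
                    ; cannot hide the entries that follow it.
                    If $iErr Then $RR = '(unreadable, RegRead @error=' & $iErr & ')'

                    _GUICtrlEdit_AppendText($hEdit, @CRLF & 'Value name:' & $REV & @CRLF & 'Value data:' & $RR & @CRLF)
                    Sleep(500)
                    $i += 1
                WEnd

                WinSetTitle($hForm, "", $endtitle)
                If Not _FileWriteLog($sLogFile, _GUICtrlEdit_GetText($hEdit)) Then
                    MsgBox(16, $title, 'Could not write ' & $sLogFile)
                EndIf
                Sleep(2000)
                WinSetTitle($hForm, "", $titlemessage)

            Case $Button2
                If FileExists($sLogFile) Then
                    ShellExecute($sLogFile)
                Else
                    MsgBox(0, "", $chklog)
                EndIf

            Case $Button_clear
                If GUICtrlRead($hEdit) <> '' Then GUICtrlSetData($hEdit, "")
        EndSwitch
    WEnd
EndFunc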
JohnOne 1,603 Posted April 24, 2011 Havent you AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans.
Manko 4 Posted April 24, 2011 Won't show you virus... just a list of whats in "localuserrun". Too limited... + Description invites "False Positives"...This is better attempt... Keep working! /Manko Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually...