Jump to content
Sign in to follow this  
Matt @ MPCS

Catagorized startup report

Recommended Posts

Matt @ MPCS

Since the topic has been brought up in support, I decided to write a little script that catagorizes the items in your run (startup) keys on a report. It is catagorized based on the items listed here. It is no where near perfect but it is a start. I hope this proves useful.

Note: You will need to download startuplist.ini from the link listed above, and place it in the scripts home directory.

Here is the code:

Dim $i, $j, $end
; After Copying.. place this string back on a single line
Dim $RegString = "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HKLM\Software\
Microsoft\Windows\CurrentVersion\RunOnce|HKLM\Software\Microsoft\Windows\
CurrentVersion\RunServices|HKCU\Software\Microsoft\Windows\CurrentVersion\
Run|HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
Dim $tmpArray
Dim $tmpValue, $tmpIniRead
Dim $Y, $N, $U, $X, $Q
Dim $file

$j = 0

$tmpArray = StringSplit( $RegString, "|" )

For $i = 1 to ($tmpArray[0] - 1)
   Do
      $j = $j + 1
      
      $tmpValue = RegEnumVal( $tmpArray[$i], $j )
   
      If @error = -1 Then
         msgbox(0, "", "End of: " & $tmpArray[$i])
         $end = 1
      Else
         $tmpIniRead = IniRead( "startuplist.ini", $tmpValue, "Confirmed", "?" ) 
         
         Select
            Case $tmpIniRead = "Y"; Normally leave to run at startup
               If $Y <> "" Then
                  $Y = $Y & "|" & $tmpValue
               Else
                  $Y = $tmpValue
               EndIf

            Case $tmpIniRead = "N"; Not required
               If $N <> "" Then
                  $N = $N & "|" & $tmpValue
               Else
                  $N = $tmpValue
               EndIf

            Case $tmpIniRead = "U"; User determined
               If $U <> "" Then
                  $U = $U & "|" & $tmpValue
               Else
                  $U = $tmpValue
               EndIf

            Case $tmpIniRead = "X"; Definitly not required
               If $X <> "" Then
                  $X = $X & "|" & $tmpValue
               Else
                  $X = $tmpValue
               EndIf

            Case $tmpIniRead = "?"; Unknown
               If $Q <> "" Then
                  $Q = $Q & "|" & $tmpValue
               Else
                  $Q = $tmpValue
               EndIf

         EndSelect
         
      EndIf 
      
   Until $end = 1

   $j=0

Next
   
$file = FileOpen( @DesktopDir & "\Startup.log", 1 )

$tmpArray = StringSplit( $Y, "|" )
FileWriteLine( $file, " Needed Processes " )
FileWriteLine( $file, "------------------" )
For $i = 1 to $tmpArray[0]
   FileWriteLine( $file, $tmpArray[$i] )
Next

FileWriteLine( $file, "" )

$tmpArray = StringSplit( $N, "|" )
FileWriteLine( $file, " Not Needed Processes " )
FileWriteLine( $file, "----------------------" )
For $i = 1 to $tmpArray[0]
   FileWriteLine( $file, $tmpArray[$i] )
Next

FileWriteLine( $file, "" )
  
$tmpArray = StringSplit( $U, "|" )
FileWriteLine( $file, " User Determined Processes " )
FileWriteLine( $file, "---------------------------" )
For $i = 1 to $tmpArray[0]
   FileWriteLine( $file, $tmpArray[$i] )
Next

FileWriteLine( $file, "" )

$tmpArray = StringSplit( $X, "|" )
FileWriteLine( $file, " Dangerous Processes " )
FileWriteLine( $file, "---------------------" )
For $i = 1 to $tmpArray[0]
   FileWriteLine( $file, $tmpArray[$i] )
Next

FileWriteLine( $file, "" )

$tmpArray = StringSplit( $Q, "|" )
FileWriteLine( $file, " Unknown Processes " )
FileWriteLine( $file, "-------------------" )
For $i = 1 to $tmpArray[0]
   FileWriteLine( $file, $tmpArray[$i] )
Next

I haven't taken the time to clean it up yet and comment it but it works (at least it does for me). Thanks guys!

*** Matt @ MPCS

Edited by Matt @ MPCS

Share this post


Link to post
Share on other sites
t0ddie

what link? i dont see a link


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites
Matt @ MPCS

Look harder its there...

Share this post


Link to post
Share on other sites
emmanuel

Look harder its there...

<{POST_SNAPBACK}>

that could be a handy tool for tracking down some of the less illusive spyware, thanks alot! Worked for me, without a hitch.

"I'm not even supposed to be here today!" -Dante (Hicks)

Share this post


Link to post
Share on other sites
Matt @ MPCS

Right now it only does exact text matches, but if AutoIt ever supports RegEx it could be a lot more useful.

*** Matt @ MPCS

Share this post


Link to post
Share on other sites
t0ddie

sweet. i dont even include startuplist.ini

lists all the stuff that starts up

matt, you do good work

i am unworthy of this code, its much too good for me. thanks!!!

sorry if i was being annoying..

your humble servant

~Todd


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×