Sign in to follow this  
Followers 0
Matt @ MPCS

Catagorized startup report

6 posts in this topic

#1 ·  Posted (edited)

Since the topic has been brought up in support, I decided to write a little script that catagorizes the items in your run (startup) keys on a report. It is catagorized based on the items listed here. It is no where near perfect but it is a start. I hope this proves useful.

Note: You will need to download startuplist.ini from the link listed above, and place it in the scripts home directory.

Here is the code:

Dim $i, $j, $end
; After Copying.. place this string back on a single line
Dim $RegString = "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HKLM\Software\
Microsoft\Windows\CurrentVersion\RunOnce|HKLM\Software\Microsoft\Windows\
CurrentVersion\RunServices|HKCU\Software\Microsoft\Windows\CurrentVersion\
Run|HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
Dim $tmpArray
Dim $tmpValue, $tmpIniRead
Dim $Y, $N, $U, $X, $Q
Dim $file

$j = 0

$tmpArray = StringSplit( $RegString, "|" )

For $i = 1 to ($tmpArray[0] - 1)
   Do
      $j = $j + 1
      
      $tmpValue = RegEnumVal( $tmpArray[$i], $j )
   
      If @error = -1 Then
         msgbox(0, "", "End of: " & $tmpArray[$i])
         $end = 1
      Else
         $tmpIniRead = IniRead( "startuplist.ini", $tmpValue, "Confirmed", "?" ) 
         
         Select
            Case $tmpIniRead = "Y"; Normally leave to run at startup
               If $Y <> "" Then
                  $Y = $Y & "|" & $tmpValue
               Else
                  $Y = $tmpValue
               EndIf

            Case $tmpIniRead = "N"; Not required
               If $N <> "" Then
                  $N = $N & "|" & $tmpValue
               Else
                  $N = $tmpValue
               EndIf

            Case $tmpIniRead = "U"; User determined
               If $U <> "" Then
                  $U = $U & "|" & $tmpValue
               Else
                  $U = $tmpValue
               EndIf

            Case $tmpIniRead = "X"; Definitly not required
               If $X <> "" Then
                  $X = $X & "|" & $tmpValue
               Else
                  $X = $tmpValue
               EndIf

            Case $tmpIniRead = "?"; Unknown
               If $Q <> "" Then
                  $Q = $Q & "|" & $tmpValue
               Else
                  $Q = $tmpValue
               EndIf

         EndSelect
         
      EndIf 
      
   Until $end = 1

   $j=0

Next
   
$file = FileOpen( @DesktopDir & "\Startup.log", 1 )

$tmpArray = StringSplit( $Y, "|" )
FileWriteLine( $file, " Needed Processes " )
FileWriteLine( $file, "------------------" )
For $i = 1 to $tmpArray[0]
   FileWriteLine( $file, $tmpArray[$i] )
Next

FileWriteLine( $file, "" )

$tmpArray = StringSplit( $N, "|" )
FileWriteLine( $file, " Not Needed Processes " )
FileWriteLine( $file, "----------------------" )
For $i = 1 to $tmpArray[0]
   FileWriteLine( $file, $tmpArray[$i] )
Next

FileWriteLine( $file, "" )
  
$tmpArray = StringSplit( $U, "|" )
FileWriteLine( $file, " User Determined Processes " )
FileWriteLine( $file, "---------------------------" )
For $i = 1 to $tmpArray[0]
   FileWriteLine( $file, $tmpArray[$i] )
Next

FileWriteLine( $file, "" )

$tmpArray = StringSplit( $X, "|" )
FileWriteLine( $file, " Dangerous Processes " )
FileWriteLine( $file, "---------------------" )
For $i = 1 to $tmpArray[0]
   FileWriteLine( $file, $tmpArray[$i] )
Next

FileWriteLine( $file, "" )

$tmpArray = StringSplit( $Q, "|" )
FileWriteLine( $file, " Unknown Processes " )
FileWriteLine( $file, "-------------------" )
For $i = 1 to $tmpArray[0]
   FileWriteLine( $file, $tmpArray[$i] )
Next

I haven't taken the time to clean it up yet and comment it but it works (at least it does for me). Thanks guys!

*** Matt @ MPCS

Edited by Matt @ MPCS

Share this post


Link to post
Share on other sites



what link? i dont see a link


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

Look harder its there...

Share this post


Link to post
Share on other sites

Look harder its there...

<{POST_SNAPBACK}>

that could be a handy tool for tracking down some of the less illusive spyware, thanks alot! Worked for me, without a hitch.

"I'm not even supposed to be here today!" -Dante (Hicks)

Share this post


Link to post
Share on other sites

Right now it only does exact text matches, but if AutoIt ever supports RegEx it could be a lot more useful.

*** Matt @ MPCS

Share this post


Link to post
Share on other sites

sweet. i dont even include startuplist.ini

lists all the stuff that starts up

matt, you do good work

i am unworthy of this code, its much too good for me. thanks!!!

sorry if i was being annoying..

your humble servant

~Todd


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0