AlexSSS
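der идея должна быть понятна, сам скрипт может сразу не заработать - у меня это несколько скриптов, здесь я слил в один то, что вроде достаточно по твоему вопросу реально скрипт можно еще сократить в несколько раз, у меня он делает еще какие-то вещи, сейчас просто нет времени упрощать его самому
Код:
; ***********************************************************************
; KiXtart logon script: audits the autorun registry keys of the
; workstation, removes entries that match a list of known-bad names,
; and logs the autorun entries and installed software to a file share.
;
; Review notes:
;  - Logs are written to \\Files\Logs\run\ by the logging-on user, so
;    every user needs write access there; treat these logs as
;    tamperable and restrict the share accordingly.
;  - Detection is a substring match on file names. It misses renamed
;    files and can hit legitimate entries ("syshost", "_exe.exe" are
;    broad), so review _illegal.log / _warning.log after each run.
;  - HKLM changes only succeed when the user may write to HKLM.
; ***********************************************************************

; ***********************************************************************
; Defined global variables for all scripts
; ***********************************************************************
GLOBAL $CR, $PathLog, $PathAddFirm, $TAB, $TAB2, $Level, $TAB3, $TAB4, $PrimaryGroup
GLOBAL $LogHeader
GLOBAL $LogServer

$LogServer   = "Files"
$PathLog     = "\\$LogServer\Logs\"
$PathAddFirm = ""
$CR   = Chr(13) + Chr(10)
$TAB  = Chr(9)
$TAB2 = $TAB+$TAB
$TAB3 = $TAB+$TAB+$TAB
$TAB4 = $TAB+$TAB+$TAB+$TAB

; $FirmGroup is not set anywhere in this listing - presumably it comes
; from one of the scripts this one was merged from.
$PrimaryGroup = UCase($FirmGroup)
$PathAddFirm  = $PrimaryGroup+"\"

$LogDir = $PathLog+"run\"
IF EXIST($LogDir)=0
    MD $LogDir
ENDIF

; One log per workstation, recreated on every run.
$LogSoft = $PathLog+"run\"
$LogSoft = $LogSoft+@WKSTA+'.log'
IF EXIST($LogSoft)=1
    DEL $LogSoft
ENDIF
; The old log could not be deleted (locked or no rights): give up.
IF EXIST($LogSoft)=1
    EXIT
ENDIF

; NOTE(review): the ' ' padding literals below are single spaces as shown
; on the page; the original probably used runs of spaces to pad the
; columns to the SubStr widths - confirm against the author's copy.
$LogHeader  = substr(@UserID+' ',1,10)+$TAB+SubStr(@WKSTA+' ',1,15)+$TAB+@DATE+" "+@TIME+$Tab+SubStr(@FullName+' ',1,22)+$TAB+@ProductType
$LogHeader2 = @DATE+" "+@TIME+$Tab+@WKSTA+$TAB+@UserID+$TAB+@FullName+$TAB+@ProductType+$TAB

$Alert   = 0   ; number of entries removed together with their file
$Removed = 0   ; set to 1 by del_key / del_key_and_file when DelValue succeeds
$LogErr  = 0

$LogErr = File_Open(3,$logSoft)
$LogErr = WriteLine(3,$LogHeader+$CR+$CR)
$LogErr = File_Open(4,$LogDir+"_illegal.log")
$LogErr = File_Open(5,$LogDir+"_warning.log")

; Audit the three autorun locations. ver_registry_tree reads $Run.
$Run = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\"
$Result = ver_registry_tree()
$Run = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"
$Result = ver_registry_tree()
$Run = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"
$Result = ver_registry_tree()

; Installed Soft
$LogErr = WriteLine(3, '---------------------'+$CR)
$LogErr = WriteLine(3, 'Installed Soft'+$CR)
$LogErr = WriteLine(3, '---------------------'+$CR)

$Uninstal = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\"
$Index    = 0
$KeyName  = ENUMKEY($Uninstal, $Index)
$EnumErr  = @ERROR
; Stop on the enumeration error code instead of on an empty name, so the
; terminating result is not processed as if it were a subkey.
WHILE $EnumErr = 0
    ; DisplayName is a value, not a subkey, so the ExistKey() test of the
    ; original could not select anything; an empty ReadValue result is
    ; what actually filters out entries without a display name.
    $SoftName = ReadValue($Uninstal+$KeyName,'DisplayName')
    IF $SoftName<>""
        SELECT
            ; Hotfix entries are deliberately not logged.
            CASE INSTR($SoftName, "Windows XP Hotfix")
            CASE INSTR($SoftName, "Windows 2000 Hotfix")
            CASE INSTR($SoftName, "Пакет исправлений для Windows XP")
            CASE 0=0
                $LogErr = WriteLine(3, $SoftName+$CR)
        ENDSELECT
    ENDIF
    $Index   = $Index + 1
    $KeyName = ENUMKEY($Uninstal, $Index)
    $EnumErr = @ERROR
LOOP

$LogErr = close(3)
$LogErr = Close(4)
$LogErr = Close(5)

; @INWIN=2 is Windows 9x. If anything was removed there, schedule the
; cleanup batch for the next start.
; NOTE(review): this runs a batch file from a network share at the next
; logon; \\files\netlogon must be read-only for ordinary users.
If @INWIN=2 and $Alert>0
    Dim $lm_run, $lm_run_text
    $lm_run      = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $lm_run_text = '\\files\netlogon\k_run.bat'
    ; The data type is passed as a string, as WriteValue documents it.
    $ERR = WriteValue ($lm_run, "Remove viruses and spyware", $lm_run_text, "REG_SZ")
ENDIF
EXIT

; -----------------------------------------------------------------------
; ver_registry_tree: logs every value under the key in $Run and passes
; each one to ver_key(). Uses the globals $Run, $KeyName, $SoftName,
; $SumKey and $SumKeyL, which the helper functions read.
; -----------------------------------------------------------------------
function ver_registry_tree
    $Index  = 0
    $LogErr = WriteLine(3, $Run+$CR)
    $KeyName = ENUMvalue($Run, $Index)
    $EnumErr = @ERROR
    WHILE $EnumErr = 0
        $SoftName = ReadValue($Run,$KeyName)
        $SumKey   = $KeyName+$TAB+$TAB+$SoftName
        $LogErr = WriteLine(3, $SumKey+$CR)
        ; NOTE(review): handles 7 and 8 are never opened in this listing,
        ; so these two writes fail silently; presumably they belong to a
        ; part of the original scripts that was not merged in.
        $LogErr = WriteLine(7, $LogHeader2+$Run+$Tab+$KeyName+$Tab+$SoftName+$CR)
        $LogErr = WriteLine(8, $LogHeader2+$Run+$Tab+$KeyName+$Tab+$SoftName+$CR)
        $SumKeyL = lcase($SumKey)
        $Removed = 0
        $LogErr  = ver_key()
        ; Deleting a value shifts the ones after it down by one index, so
        ; only advance when the current value is still in place; otherwise
        ; the entry following each removed one would be skipped.
        IF $Removed = 0
            $Index = $Index + 1
        ENDIF
        $KeyName = ENUMvalue($Run, $Index)
        $EnumErr = @ERROR
    LOOP
EndFunction

; -----------------------------------------------------------------------
; ver_key: compares the lower-cased "name<TAB><TAB>data" of the current
; autorun value ($SumKeyL) with the known-bad substrings. The first match
; wins; the last two patterns remove only the registry value.
; -----------------------------------------------------------------------
function ver_key()
    SELECT
        CASE INSTR($SumKeyL, "hidn.exe")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "5-1-63-4.exe")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "hldrrr.exe")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "anti_troj")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "wintems.exe")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "_exe.exe")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "wiwshost")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "firewall_anti")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "mscnf.exe")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "sysbho.exe")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "syshost")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "audcntr.exe")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "mousecntl.exe")
            $LogErr = del_key_and_file()
        CASE INSTR($SumKeyL, "template script")
            $LogErr = del_key()
        CASE INSTR($SumKeyL, "norten.pif")
            $LogErr = del_key()
    ENDSELECT
EndFunction

; -----------------------------------------------------------------------
; del_key: removes the current autorun value ($KeyName under $Run) and
; records it in _illegal.log (handle 4).
; -----------------------------------------------------------------------
function del_key()
    $err = DelValue($run,$KeyName)
    IF $err = 0
        $Removed = 1
    ENDIF
    $LogErr = WriteLine(4, $LogHeader+chr(9)+$SumKey+$CR)
EndFunction

; -----------------------------------------------------------------------
; del_key_and_file: deletes the file the autorun value points to, removes
; the value, records it in _warning.log (handle 5) and counts it in $Alert.
; $SoftName is whatever the registry value contained, so it is treated as
; untrusted input.
; -----------------------------------------------------------------------
function del_key_and_file()
    ; Exist and DEL both accept wildcards; refuse them so that registry
    ; data can never make this delete more than one named file.
    IF INSTR($SoftName, '*')=0 AND INSTR($SoftName, '?')=0
        IF exist($SoftName)
            ; Quote the path: unquoted, a path with spaces
            ; (e.g. under "Program Files") is split into several arguments.
            SHELL 'attrib "' + $SoftName + '" -s -h -r'
            DEL $SoftName
        ENDIF
    ENDIF
    ; NOTE(review): when the data is not a bare path (quotes or
    ; command-line arguments) the file is left on disk and only the value
    ; is removed; the log line below is then the only trace of it.
    $err = DelValue($run,$KeyName)
    IF $err = 0
        $Removed = 1
    ENDIF
    $LogErr = WriteLine(5, $LogHeader+chr(9)+$SumKey+$CR)
    $Alert = $Alert+1
EndFunction

; -----------------------------------------------------------------------
; File_open: makes sure $file exists (mode 1 creates it when missing),
; then reopens it on $handle for writing (mode 4).
; Returns the result code of the final Open.
; -----------------------------------------------------------------------
Function File_open($handle, $file)
    $res = Open($handle,$file,1)
    $res = Close($handle)
    $res = Open($handle,$file,4)
    $File_open = $res
EndFunction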