Sunday, August 8, 2010
The following scripts or batch files have been written to perform various logging functions or deletions.
They can be used as they are or modified to suit the requirements of the log.
In IE, click the link to the script to download it.
In Firefox, right-click the link and choose "Save as".
ExpPOL.cmd This script exports the Windows policy entries from both HKCU and HKLM to a text file and opens the file so the user can post it to the malware forum. To run this script, Bobbi Flekman's SWREG.exe is required. Have the user download SWREG.exe to their root drive, and the .cmd file to their desktop.
ExpWLN.cmd This script exports the Winlogon key to a text file and opens it for the user to post. To run this script, the user should download it to the Desktop and double-click the .cmd file. No additional programs are required.
This script is an example of a method for repairing modified Policy values. A before and after text report is produced to show the contents of the Policy keys.
I would modify the deletions after using ExpPOL.cmd to check what restrictions had been made. Bobbi Flekman's SWREG.exe is required.