Exemple #1
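        /// <summary>
        /// Enumerates the values under the machine-wide ShellServiceObjectDelayLoad key and
        /// hands them to <c>GetCLSIDDetails</c>, which appends its findings to the returned list.
        /// </summary>
        /// <remarks>
        /// ShellServiceObjectDelayLoad is an Explorer auto-start location, which is why an
        /// autorun audit inspects it. Each pass is guarded separately so that a failure while
        /// reading one pass (missing key, access denied) cannot silently hide the entries of
        /// the other; an incomplete audit would otherwise look identical to a clean one.
        /// </remarks>
        /// <returns>
        /// The collected autorun entries; empty when nothing was found or both passes failed.
        /// This method never throws.
        /// </returns>
        public static List<Autorunpoints> StartAudit()
        {
            const string keyPath = "Software\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad";
            var lstAutoRuns = new List<Autorunpoints>();

            // false = first pass, true = the pass the original code labels "64".
            // NOTE(review): presumably the flag selects the 64-bit registry view - confirm in RegistryUtil.
            foreach (bool viewFlag in new[] { false, true })
            {
                try
                {
                    string regModified;
                    string[] regdl = RegistryUtil.GetSubValueNames(keyPath, viewFlag);
                    string owner = RegistryUtil.GetMachineRegKeyOwner(keyPath, viewFlag, out regModified);
                    GetCLSIDDetails(lstAutoRuns, regdl, owner, "ShellServiceObjectDelayLoad", regModified);
                }
                catch (Exception ex)
                {
                    // Stay best-effort (callers never see an exception), but leave a trace so
                    // an operator can tell a skipped pass apart from a key with no entries.
                    System.Diagnostics.Trace.TraceWarning(
                        "Autorun audit of '{0}' (flag={1}) failed: {2}", keyPath, viewFlag, ex.Message);
                }
            }

            return lstAutoRuns;
        }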
Exemple #2
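        /// <summary>
        /// Enumerates the subkeys of the machine-wide Browser Helper Objects key and hands
        /// them to <c>DelayedLoad.GetCLSIDDetails</c>, which appends its findings to the
        /// returned list.
        /// </summary>
        /// <remarks>
        /// Browser Helper Objects are COM components registered for loading into the browser,
        /// which is why an autorun audit inspects this key. Each pass is guarded separately so
        /// that a failure while reading one pass (missing key, access denied) cannot silently
        /// hide the entries of the other; an incomplete audit would otherwise look identical
        /// to a clean one.
        /// </remarks>
        /// <returns>
        /// The collected autorun entries; empty when nothing was found or both passes failed.
        /// This method never throws.
        /// </returns>
        public static List<Autorunpoints> StartAudit()
        {
            const string keyPath = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects";
            var lstAutoRuns = new List<Autorunpoints>();

            // false = first pass, true = the pass the original code labels "64".
            // NOTE(review): presumably the flag selects the 64-bit registry view - confirm in RegistryUtil.
            foreach (bool viewFlag in new[] { false, true })
            {
                try
                {
                    string regModified;
                    string[] regbhos = RegistryUtil.GetSubKeys("LocalMachine", keyPath, viewFlag);
                    string owner = RegistryUtil.GetMachineRegKeyOwner(keyPath, viewFlag, out regModified);
                    DelayedLoad.GetCLSIDDetails(lstAutoRuns, regbhos, owner, "Browser Helper Objects", regModified);
                }
                catch (Exception ex)
                {
                    // Stay best-effort (callers never see an exception), but leave a trace so
                    // an operator can tell a skipped pass apart from a key with no entries.
                    System.Diagnostics.Trace.TraceWarning(
                        "Autorun audit of '{0}' (flag={1}) failed: {2}", keyPath, viewFlag, ex.Message);
                }
            }

            return lstAutoRuns;
        }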