reading another thread in the adware/spyware forum gave me an idea for a network scanner run by a batch file that just shows you what you dont already know about using the rpc tool pslist.exe. this should be helpful in catching unauthorized software including spyware before its out of hand. its not a marvel of programming or meant to replace any other means of detection or protection it's just something i did for fun and to share. i know there are big bucks apps that do this but i like free. maybe someone has a better idea or would like to improve on this one and share with us.

if speed is not an issue and its a small network this batch file will scan a win2k network using pslist.exe from and list all the process that are not amoung those given in it. you can edit to include allowed apps without it affecting it if they are not running. its written to run on a singel computer to illustrate how it works but changing whats remarked out "REM" will change it to run on a network. just run it and go on with something else. the results will pop-up when its finished its run

pslist should be in the search path of course

echo off
REM net view >network REM un-rem for network
echo %computername% >network REM rem out for network use
echo. >results
pslist %1 >looksee.bat
echo call find /V /I "CISVC" temp ^>temp2 >>looksee.bat
echo call find /V /I "SPOOLSV" temp2 ^>temp3 >>looksee.bat
echo call find /V /I "msgsys" temp3 ^>temp4 >>looksee.bat
echo call find /V /I "lsass" temp4 ^>temp5 >>looksee.bat
echo call find /V /I "SVCHOST" temp5 ^>temp6 >>looksee.bat
echo call find /V /I "services" temp6 ^>temp7 >>looksee.bat
echo call find /V /I "system" temp7 ^>temp8 >>looksee.bat
echo call find /V /I "winlogon" temp8 ^>temp9 >>looksee.bat
echo call find /V /I "smss" temp9 ^>temp10 >>looksee.bat
echo call find /V /I "Explorer" temp10 ^>temp11 >>looksee.bat
echo call find /V /I "Fast" temp11 ^>temp12 >>looksee.bat
echo call find /V /I "---------- TEMP" temp12 ^>results >>looksee.bat
for /F "tokens=1" %%X IN (network) do call looksee.bat %%X
del temp*
start notepad results

each 'find' of course coud be piped into the next and avoid all the temp files but that would just make it harder to follow