I created a parser for SystemLookup.com, which is a really useful site, especially for malware fighters. It has information about files, drivers, startup entries and other components of Windows systems and helps you determine whether an entry is malicious or legitimate.
The tool that I wrote queries SystemLookup.com, so you can use the website from your command line.
Download: https://github.com/katjahahn/SystemLookup/archive/master.zip
Installation: Install the package to your system via
python setup.py install
Usage: e.g., search the O4 list (autostart entries) for an entry with the name "lsass"
python systemlookup.py --list O4 -t name "lsass"
Perform a global search in all lists for the same entry:
python systemlookup.py -t name "lsass"
Example Output: This example performs a global search for all items with the filename "explore.exe" (a name commonly used by malicious files)
> python systemlookup.py -t filename "explore.exe"
ShellExecuteHooks: no results
DPF ActiveX Installs: no results
Firefox Extensions: no results
Drivers: no results
------------------------
|| List: Active Setup ||
------------------------
(no name), X
------------
CLSID: {58MW02OU-BMMR-28DK-874N-UT76IGAYQ03F}
Filename: explore.exe
Description: Infostealer trojan, see here
(no name), X
------------
CLSID: {PD2P6745-0SUE-8QQ6-PQ1K-1TD4F7S47FGU}
Filename: explore.exe
Description: Infostealer trojan, see here
(no name), X
------------
CLSID: {ATDQTSLC-35HK-VGUU-82PT-0G1S5SD5L854}
Filename: explore.exe
Description: Infostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see here
(no name), X
------------
CLSID: {MXWW416X-40N0-12B0-D858-5A1E1HS5NCWS}
Filename: explore.exe
Description: Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here
(no name), X
------------
CLSID: {DABBE4EE-FDE1-AC12-D536-A9CAAEC7DBFB}
Filename: explore.exe
Description: Infostealer trojan, detected by Microsoft as Worm:Win32/Ainslot.A - also see here
(no name), X
------------
CLSID: {T6PB7PQ7-1L7I-K6WM-3YAB-15X4K1JP271L}
Filename: explore.exe
Description: Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here
(no name), X
------------
CLSID: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}
Filename: explore.exe, server.exe, service.exe, svchost.exe, svhost.exe, jtdll.exe, ieploxe.exe, messenger.exe, adobe.exe, other filenames
Description: Infostealer trojan, detected as Trojan.Win32.Llac.chs - also see here
BHO, Toolbars, URLSearchHooks, Explorer Bars: no results
Internet Explorer Buttons: no results
-------------------------------------
|| List: Startup / Autorun Entries ||
-------------------------------------
Default, X
----------
Filename: explore.vbs
Description: Added by the VBS.Allem WORM!
HKCU, X
-------
Filename: explore.exe
Description: Identified by Microsoft as Worm:Win32/Rebhip.A. Information at Threat Expert Note: Located in %windows%\system32\config
Explorer, X
-----------
Filename: explore.exe
Description: Identified by Microsoft as Worm:Win32/Rebhip.A. Information at Threat Expert Note: Located in %windows%\system32\config Note: This entry is loaded through one of the "Policies" startup keys.
HKLM, X
-------
Filename: explore.exe
Description: Identified by Microsoft as Worm:Win32/Rebhip.A. Information at Threat Expert Note: Located in %windows%\system32\config
HBService, X
------------
Filename: explore.exe
Description: Detected as Trojan-GameThief.Win32.OnLineGames.suaq by Kaspersky.
Windows Workstation Service, X
------------------------------
Filename: explore.exe
Description: Unknown malware.
Window, X
---------
Filename: explore.exe
Description: Added by the GAOBOT.ADW WORM!
Video Services, X
-----------------
Filename: explore.exe
Description: Added by a W32.Gaobot.GL worm infection
Update Windows, X
-----------------
Filename: EXPLORE.EXE
Description: Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
SystemExplorer, X
-----------------
Filename: explore.exe
Description: Homepage hijacker - file located in the "Services" folder in Common Files
rx, X
-----
Filename: explore.exe
Description: Troj/Zhengtu-A Note: Read the link, steals information
EXPLORER MICROSOFT SYSTEM, X
----------------------------
Filename: explore.exe
Description: Added by a variant of the WIN32.RBOT WORM!
explore.exe, X
--------------
Filename: Explore.exe
Description: Added by the GRAYBIRD.G VIRUS!
explore manager, X
------------------
Filename: explore.exe
Description: Added by the DONBOMB.A TROJAN!
Explore, X
----------
Filename: explore.exe
Description: Adult content dialler
explore, X
----------
Filename: explore.exe
Description: Added by the W32.Hawawi WORM!
yige, X
-------
Filename: explore.exe
Description: Unidentified malware. Note: Located in \%Windir%\%System%\wbem\
AppInit_DLLs & Winlogon Notify: no results
Extra Protocols: no results
Shared Task Scheduler: no results
ShellServiceObjectDelayLoad: no results
LSPs: no results
--------------------
|| List: Services ||
--------------------
neruo.exe (NeroFilterCheck), X
------------------------------
Filename: Explore.exe
Description: Added by the SDBOT.DIH WORM! Note: Read the link, rootkit type stealth involved.
Window (MPRS), X
----------------
Filename: explore.exe
Description: Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K)
Windows explorer, X
-------------------
Filename: explore.exe
Description: Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
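The CLI's output is meant to be read, but in triage you usually want the hits as records: which list an entry came from, its status letter, the CLSID and the filenames it covers. The following script is an added example, not code from the SystemLookup project or from this post. It parses the tool's text format as inferred from the run above (a "|| List: ... ||" header framed by dashed rules, "<list>: no results" lines, and entries of the form "<name>, <status>" followed by a dashed underline and "CLSID:", "Filename:", "Description:" fields), then looks up observed filenames against the parsed entries case-insensitively, since Windows filenames are case-insensitive and the run above mixes explore.exe, Explore.exe and EXPLORE.EXE. The sample output embedded in the script is constructed by abbreviating the run above; the meaning of status letters other than X is an assumption, not something this page states.

```python
"""Parse systemlookup.py text output into records and triage filenames.

Added example; not part of the SystemLookup project. The format is inferred
from the sample run in the post, not from the tool's source.
"""
import re
from dataclasses import dataclass, field

# Status letters SystemLookup attaches to entries. The run in the post shows
# only X; the meanings of the other letters are assumed, not stated there.
STATUS_MEANING = {"X": "malware", "L": "legitimate", "O": "open to debate", "?": "unknown"}

# Constructed sample, abbreviated from the explore.exe run in the post.
SAMPLE_OUTPUT = r"""Drivers: no results
------------------------
|| List: Active Setup ||
------------------------
(no name), X
------------
CLSID: {DABBE4EE-FDE1-AC12-D536-A9CAAEC7DBFB}
Filename: explore.exe
Description: Infostealer trojan, detected by Microsoft as Worm:Win32/Ainslot.A - also see here
(no name), X
------------
CLSID: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}
Filename: explore.exe, server.exe, svchost.exe, other filenames
Description: Infostealer trojan, detected as Trojan.Win32.Llac.chs - also see here
-------------------------------------
|| List: Startup / Autorun Entries ||
-------------------------------------
HKCU, X
-------
Filename: explore.exe
Description: Identified by Microsoft as Worm:Win32/Rebhip.A. Information at Threat Expert Note: Located in %windows%\system32\config
Update Windows, X
-----------------
Filename: EXPLORE.EXE
Description: Added by an unidentified TROJAN! of the Sdbot family.
LSPs: no results
"""


@dataclass
class Entry:
    list_name: str
    name: str
    status: str
    clsid: str = ""
    filenames: list = field(default_factory=list)
    description: str = ""


LIST_HEADER = re.compile(r"^\|\| List: (.+?) \|\|$")
NO_RESULTS = re.compile(r"^(.+): no results$")
ENTRY_HEADER = re.compile(r"^(.*), ([A-Z?])$")
FIELD = re.compile(r"^(CLSID|Filename|Description): (.*)$")


def _is_rule(line):
    """A dashed separator line (list header frame or entry underline)."""
    return bool(line) and set(line) == {"-"}


def parse_output(text):
    """Return (entries, lists_seen): parsed Entry records plus the names of
    every list the tool reported on, including those with no results."""
    entries, lists_seen = [], []
    current_list, current = None, None
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if not line or _is_rule(line):
            continue
        m = LIST_HEADER.match(line)
        if m:
            current_list = m.group(1)
            lists_seen.append(current_list)
            current = None
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = ENTRY_HEADER.match(line)
        if m and _is_rule(nxt):  # "<name>, <status>" is always underlined
            current = Entry(current_list or "", m.group(1), m.group(2))
            entries.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            key, value = m.groups()
            if key == "CLSID":
                current.clsid = value
            elif key == "Filename":  # one entry may cover several filenames
                current.filenames = [f.strip() for f in value.split(",")]
            else:
                current.description = value
            continue
        m = NO_RESULTS.match(line)
        if m:
            lists_seen.append(m.group(1))
            current = None
    return entries, lists_seen


def lookup_filename(entries, filename):
    """Entries that list the filename, compared case-insensitively."""
    wanted = filename.lower()
    return [e for e in entries if wanted in (f.lower() for f in e.filenames)]


def triage(entries, observed):
    """Map each observed autostart filename to the number of X-flagged entries
    that list it. Zero means no hit in the data, not a clean verdict."""
    return {name: sum(1 for e in lookup_filename(entries, name) if e.status == "X")
            for name in observed}


if __name__ == "__main__":
    parsed, lists_seen = parse_output(SAMPLE_OUTPUT)
    print("lists reported:", lists_seen)
    for name, hits in triage(parsed, ["explore.exe", "svchost.exe", "notepad.exe"]).items():
        print(f"{name}: {hits} flagged entries")
```

In practice you would feed the script the tool's real output (for example by piping `python systemlookup.py -t filename "explore.exe"` into it) and pass the filenames from a host's autostart listing to `triage`; a count of zero only means SystemLookup has no entry for that name, so it should not be read as a verdict that the file is clean.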
Source: https://github.com/katjahahn/SystemLookup
Changelog:
* Global search added
* Titles changed
* setup.py added
* LICENSE added