
autorun

a guest
Aug 24th, 2016
Registry Autostart Locations

1. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
   All values in this key are executed.

2. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\
   All values in this key are executed, and then their autostart reference is deleted.

3. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
   All values in this key are executed as services.

4. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\
   All values in this key are executed as services, and then their autostart reference is deleted.

5. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
   All values in this key are executed.

6. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
   All values in this key are executed, and then their autostart reference is deleted.

7. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
   Used only by Setup. Displays a progress dialog box as the keys are run one at a time.

8. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
   Similar to the Run key from HKEY_CURRENT_USER.

9. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\
   Similar to the RunOnce key from HKEY_CURRENT_USER.

10. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    The "Shell" value is monitored. This value is executed after you log in.

11. HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\
    All subkeys are monitored, with particular attention paid to the "StubPath" value in each subkey.

12. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\
    All subkeys are monitored, with special attention paid to the "StaticVXD" value in each subkey.

13. HKEY_CURRENT_USER\Control Panel\Desktop
    The "SCRNSAVE.EXE" value is monitored. This value is launched when your screen saver activates.

14. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
    The "BootExecute" value is monitored. Files listed here are Native Applications that are executed before Windows starts.

15. HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
    Executed whenever a .VBS file (Visual Basic Script) is run.

16. HKEY_CLASSES_ROOT\vbefile\shell\open\command\
    Executed whenever a .VBE file (Encoded Visual Basic Script) is run.

17. HKEY_CLASSES_ROOT\jsfile\shell\open\command\
    Executed whenever a .JS file (JavaScript) is run.

18. HKEY_CLASSES_ROOT\jsefile\shell\open\command\
    Executed whenever a .JSE file (Encoded JavaScript) is run.

19. HKEY_CLASSES_ROOT\wshfile\shell\open\command\
    Executed whenever a .WSH file (Windows Scripting Host) is run.

20. HKEY_CLASSES_ROOT\wsffile\shell\open\command\
    Executed whenever a .WSF file (Windows Scripting File) is run.

21. HKEY_CLASSES_ROOT\exefile\shell\open\command\
    Executed whenever a .EXE file (Executable) is run.

22. HKEY_CLASSES_ROOT\comfile\shell\open\command\
    Executed whenever a .COM file (Command) is run.

23. HKEY_CLASSES_ROOT\batfile\shell\open\command\
    Executed whenever a .BAT file (Batch Command) is run.

24. HKEY_CLASSES_ROOT\scrfile\shell\open\command\
    Executed whenever a .SCR file (Screen Saver) is run.

25. HKEY_CLASSES_ROOT\piffile\shell\open\command\
    Executed whenever a .PIF file (Portable Interchange Format) is run.

26. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\
    Services marked to start up automatically are executed before user login.

27. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog\Catalog_Entries\
    Layered Service Providers, executed before user login.

28. HKEY_LOCAL_MACHINE\System\Control\WOW\cmdline
    Executed when a 16-bit Windows executable is executed.

29. HKEY_LOCAL_MACHINE\System\Control\WOW\wowcmdline
    Executed when a 16-bit DOS application is executed.

30. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    Executed when a user logs in.

31. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    Executed by explorer.exe as soon as it has loaded.

32. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
    Executed when the user logs in.

33. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
    Executed when the user logs in.

34. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\
    Subvalues are executed when Explorer initialises.

35. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\
    Subvalues are executed when Explorer initialises.

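A read-only way to review several of the registry locations above on a live system, as an added example that is not part of the original paste. It covers entries 1, 2, 5, 6, 10, 11, 13, 14, 30 and 32 to 35; the names New-Entry and Get-AutostartEntry and the output columns are this example's own, and Userinit, run and load are read as values of their parent key.

```powershell
# Keys where every value is a command (entries 1, 2, 5, 6, 34, 35).
$allValueKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
# Keys where only named values matter (entries 10, 13, 14, 30, 32, 33).
$namedValues = @{
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' = @('Shell', 'Userinit')
    'HKCU:\Control Panel\Desktop'                                 = @('SCRNSAVE.EXE')
    'HKLM:\System\CurrentControlSet\Control\Session Manager'      = @('BootExecute')
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'  = @('run', 'load')
}
# Entry 11: each subkey may carry a StubPath command.
$activeSetup = 'HKLM:\Software\Microsoft\Active Setup\Installed Components'

function New-Entry($Key, $Name, $Data) {
    # REG_MULTI_SZ data (BootExecute) arrives as string[]; flatten it for display.
    [pscustomobject]@{ Key = $Key; Name = $Name; Data = ($Data -join ' | ') }
}
function Get-AutostartEntry {
    foreach ($path in $allValueKeys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }   # absent key: nothing set
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            New-Entry -Key $path -Name $name -Data ($key.GetValue($name))
        }
    }
    foreach ($path in $namedValues.Keys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $namedValues[$path]) {
            $data = $key.GetValue($name)
            if ($null -ne $data) { New-Entry -Key $path -Name $name -Data $data }
        }
    }
    if (Test-Path -LiteralPath $activeSetup) {
        foreach ($sub in Get-ChildItem -LiteralPath $activeSetup) {
            $stub = $sub.GetValue('StubPath')
            if ($stub) { New-Entry -Key $sub.Name -Name 'StubPath' -Data $stub }
        }
    }
}
Get-AutostartEntry | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
```

The HKEY_CURRENT_USER results describe whichever account runs the script. The HKEY_CLASSES_ROOT entries (15 to 25) are left out because PowerShell defines no HKCR: drive by default.
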
Folder Autostart Locations

1. windir\Start Menu\Programs\Startup\
2. User\Startup\
3. All Users\Startup\
4. windir\system\iosubsys\
5. windir\system\vmm32\
6. windir\Tasks\

File Autostart Locations

1. c:\explorer.exe
2. c:\autoexec.bat
3. c:\config.sys
4. windir\wininit.ini
5. windir\winstart.bat
6. windir\win.ini - [windows] "load"
7. windir\win.ini - [windows] "run"
8. windir\system.ini - [boot] "shell"
9. windir\system.ini - [boot] "scrnsave.exe"
10. windir\dosstart.bat
11. windir\system\autoexec.nt
12. windir\system\config.nt