|
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Terminal Server Client\Default
Description:
MRU list containing entries corresponding to terminal servers connected to by user
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Description:
MRU list containing entries that detail last visited locations in Windows Explorer
..................................................................................................................................................
Registry Location:
HKLM
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
Description:
Lists programs to be run when system starts.
..................................................................................................................................................
Registry Location:
HKLM
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\any�subkey\
Description:
Lists programs to be run when system starts.
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
Description:
..................................................................................................................................................
Registry Location:
HKLM
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Run\
Description:
Lists programs to be run when system starts. On 2K and XP, these entries are ignored when booted to Safe Mode; however, entries preceded by "*" will be processed even when booted to Safe Mode. On XP, these 'Run' keys are referred to as the 'legacy Run list', as they are provided for backwards compatibility with previous versions of Windows.
..................................................................................................................................................
Registry Location:
HKLM
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Run\any subkey\
Description:
Andy Aronoff, owner of SilentRunners.org, says that the contents of any subkey will be launched. At this point, I haven't tested it.
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Run\
Description:
..................................................................................................................................................
Registry Location:
HKLM
Key Location:
\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Description:
Lists programs to be run once when the system starts, and deleted. The commands listed here are deleted before the actual commands are run. If the command is preceded by "!", the command is deleted after the command is run.
..................................................................................................................................................
Registry Location:
HKLM
Key Location:
\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
Description:
..................................................................................................................................................
Triage LHF module reports on this key
|
