Runscanner : freeware startup analyzer
If you want free network inventory don't forget to visit Lansweeper : Freeware asset and software inventory
Welcome Guest Search | Active Topics | Members | Log In | Register

RunScanner » RunScanner (English) » Beta testing » Currently scanned items (1.6.3.0) (187 items)

Currently scanned items (1.6.3.0) (187 items) Options
Previous Topic · Next Topic
GeertM
Posted: Monday, February 26, 2007 9:53:19 PM

Rank: Administration
Groups: Administration

Joined: 2/16/2007
Posts: 141
Points: 192
Location: Belgium
000 General info
001 Running processes
002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
004 ' + ftemp, expandEnvironment(ftemp) 'Current user startup'
005 ' + ftemp, expandEnvironment(ftemp) 'Common Startup'
006 %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
007 %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
008 Default user \Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
009 System user\Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
010 getservices
011 getdrivers
030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
032 HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
033 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
034 HKLM-HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
036 HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
037 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
038 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
040 HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
042 HKLM\Software\Microsoft\Internet Explorer\Extensions
043 HKCU\Software\Microsoft\Internet Explorer\Extensions
044 HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
047 HKLM-HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains (Trusted zones)
048 HKLM-HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ESCDomains (ESC Trusted zones)
050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
051 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
060 HKLM-HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
064 HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
065 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
066 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
068 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\...\Catalog_Entries', HKEY_LOCAL_MACHINE);
069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
070 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
071 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
072 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
073 %windir%\Tasks
074 %windir%\System32\Tasks
080 HKLM\Software\Policies\Microsoft\Internet Explorer (+subfolders)
081 HKCU\Software\Policies\Microsoft\Internet Explorer (+subfolders)
090 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
091 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
092 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
093 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
094 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff
100 Software\Microsoft\Internet Explorer\Main', HKEY_CURRENT_USER, 'Start Page', 'Start Page HKCU',
100 Software\Microsoft\Internet Explorer\Main', HKEY_LOCAL_MACHINE, 'Start Page', 'Start Page HKLM'
100 Software\Microsoft\Internet Explorer\Main', HKEY_CURRENT_USER, 'Search Page', 'Search Page HKCU'
100 Software\Microsoft\Internet Explorer\Main', HKEY_LOCAL_MACHINE, 'Search Page', 'Search Page HKLM'
100 Software\Microsoft\Internet Explorer\Main', HKEY_CURRENT_USER, 'Default_Page_URL', 'Default_Page_URL HKCU'
100 Software\Microsoft\Internet Explorer\Main', HKEY_LOCAL_MACHINE, 'Default_Page_URL', 'Default_Page_URL HKLM'
100 Software\Microsoft\Internet Explorer\Main', HKEY_CURRENT_USER, 'Default_Search_URL', 'Default_Search_URL HKCU'
100 Software\Microsoft\Internet Explorer\Main', HKEY_LOCAL_MACHINE, 'Default_Search_URL', 'Default_Search_URL HKLM'
100 Software\Microsoft\Internet Explorer\Search', HKEY_CURRENT_USER, 'SearchAssistant'
100 Software\Microsoft\Internet Explorer\Search', HKEY_LOCAL_MACHINE, 'SearchAssistant'
100 Software\Microsoft\Internet Explorer\Search', HKEY_CURRENT_USER, 'CustomizeSearch'
100 Software\Microsoft\Internet Explorer\Search', HKEY_LOCAL_MACHINE, 'CustomizeSearch'
100 Software\Microsoft\Windows\CurrentVersion\Internet Settings', HKEY_CURRENT_USER, 'ProxyServer'
100 Software\Microsoft\Windows\CurrentVersion\Internet Settings', HKEY_LOCAL_MACHINE, 'ProxyServer'
100 Software\Microsoft\Windows\CurrentVersion\Internet Settings', HKEY_CURRENT_USER, 'ProxyOverride'
100 Software\Microsoft\Windows\CurrentVersion\Internet Settings', HKEY_LOCAL_MACHINE, 'ProxyOverride'
100 Software\Microsoft\Internet Explorer\SearchUrl', HKEY_CURRENT_USER, '', 'SearchUrl HKCU'
100 Software\Microsoft\Internet Explorer\SearchUrl', HKEY_LOCAL_MACHINE, '', 'SearchUrl HKLM'
100 Software\Microsoft\Internet Connection Wizard', HKEY_CURRENT_USER, 'ShellNext', 'ShellNext HKCU'
100 Software\Microsoft\Internet Connection Wizard', HKEY_LOCAL_MACHINE, 'ShellNext', 'ShellNext HKLM'
102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
106 HKLM\Software\Microsoft\Windows\CurrentVersion\URL
107 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\...\Catalog_Entries
110 HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
120 Domain/DNS hijacking', 'HKLM\SYSTEM\CurrentControlSet\Services\VXD\MSTCP', 'Domain'
120 Domain/DNS hijacking', 'HKLM\SYSTEM\CurrentControlSet\Services\VXD\MSTCP', 'NameServer'
120 Domain/DNS hijacking', 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters', 'Domain'
120 Domain/DNS hijacking', 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters', 'NameServer'
120 Domain/DNS hijacking', 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters', 'SearchList'
120 Domain/DNS hijacking', 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony', 'DomainName'
120 Domain/DNS hijacking', 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
121 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
122 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
135 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (+subkeys)
136 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (+subkeys)
137 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx (+subkeys)
138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx (+subkeys)
139 HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
140 HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
145 HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters
146 HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell
147 HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders
148 HKLM\System\CurrentControlSet\Control\WOW\cmdline
149 HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
150 HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
151 HKLM\Software\Microsoft\Command Processor\Autorun
152 HKCU\Software\Microsoft\Command Processor\Autorun
153 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Midi
160 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
162 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
163 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
166 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (+subkeys)
167 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (+subkeys)
170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
171 HKCU\Control Panel\Desktop\SCRNSAVE.EXE
172 HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
173 HKCR\*\shellex\ContextMenuHandlers
174 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
176 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
180 FileType Hijacking', HKEY_CLASSES_ROOT, '.bat'
180 FileType Hijacking', HKEY_CLASSES_ROOT, '.cmd'
180 FileType Hijacking', HKEY_CLASSES_ROOT, '.com'
180 FileType Hijacking', HKEY_CLASSES_ROOT, '.exe'
180 FileType Hijacking', HKEY_CLASSES_ROOT, '.hta'
180 FileType Hijacking', HKEY_CLASSES_ROOT, '.pif'
180 FileType Hijacking', HKEY_CLASSES_ROOT, '.scr'
180 FileType Hijacking', HKEY_CLASSES_ROOT, 'batfile'
180 FileType Hijacking', HKEY_CLASSES_ROOT, 'cmdfile'
180 FileType Hijacking', HKEY_CLASSES_ROOT, 'comfile'
180 FileType Hijacking', HKEY_CLASSES_ROOT, 'exefile'
180 FileType Hijacking', HKEY_CLASSES_ROOT, 'htafile'
180 FileType Hijacking', HKEY_CLASSES_ROOT, 'piffile'
180 FileType Hijacking', HKEY_CLASSES_ROOT, 'scrfile'
180 FileType Hijacking', HKEY_CURRENT_USER, '.bat'
180 FileType Hijacking', HKEY_CURRENT_USER, '.cmd'
180 FileType Hijacking', HKEY_CURRENT_USER, '.com'
180 FileType Hijacking', HKEY_CURRENT_USER, '.exe'
180 FileType Hijacking', HKEY_CURRENT_USER, '.hta'
180 FileType Hijacking', HKEY_CURRENT_USER, '.pif'
180 FileType Hijacking', HKEY_CURRENT_USER, '.scr'
180 FileType Hijacking', HKEY_CURRENT_USER, 'batfile'
180 FileType Hijacking', HKEY_CURRENT_USER, 'cmdfile'
180 FileType Hijacking', HKEY_CURRENT_USER, 'comfile'
180 FileType Hijacking', HKEY_CURRENT_USER, 'exefile'
180 FileType Hijacking', HKEY_CURRENT_USER, 'htafile'
180 FileType Hijacking', HKEY_CURRENT_USER, 'piffile'
180 FileType Hijacking', HKEY_CURRENT_USER, 'scrfile'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, '.bat'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, '.cmd'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, '.com'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, '.exe'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, '.hta'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, '.pif'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, '.scr'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, 'batfile'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, 'cmdfile'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, 'comfile'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, 'exefile'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, 'htafile'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, 'piffile'
180 FileType Hijacking', HKEY_LOCAL_MACHINE, 'scrfile'
190 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
191 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
192 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
193 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
194 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogoffApp
200 HKLM\System\CurrentControlSet\Control\Session Manager\Execute
201 HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath
212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
213 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier
214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator
215 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard
220 HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
222 HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
224 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
226 HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
228 HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
230 HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
240 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers

Lansweeper : free software and computer inventory
Back to top
 
LUSHER
Posted: Friday, March 02, 2007 10:35:54 PM
Rank: Member
Groups: Member

Joined: 3/2/2007
Posts: 53
Points: 159
I have not looked at your list yet, but the lists below should keep you busy for a while.

http://weblog.infoworld.com/securityadviser/archives/2006/05/updated_where_w.html
http://www.silentrunners.org/sr_launchpoints.html
http://gladiator-antivirus.com/forum/index.php?showtopic=24610

Also some interesting discussion

http://www.dslreports.com/forum/remark,6721512~days=9999~start=80
http://www.dslreports.com/forum/remark,6686853~root=security,1~mode=flat
Back to top
 
LUSHER
Posted: Saturday, August 18, 2007 4:12:49 PM
Rank: Member
Groups: Member

Joined: 3/2/2007
Posts: 53
Points: 159
Is the list above updated?

I would like to start checking your lists , so it would help if I had a update list.
Back to top
 
GeertM
Posted: Sunday, August 19, 2007 7:48:29 PM

Rank: Administration
Groups: Administration

Joined: 2/16/2007
Posts: 141
Points: 192
Location: Belgium
I'll try to update this list later today.

Lansweeper : free software and computer inventory
Back to top
 
Users browsing this topic
Guest

RunScanner » RunScanner (English) » Beta testing » Currently scanned items (1.6.3.0) (187 items)


Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

SoClean Theme Created by Jaben Cargman
Powered by YetAnotherforum.net
Copyright © 2003-2006 Yet Another Forum.net. All rights reserved.
This page was generated in 0.119 seconds.