61 lines (61 loc) · 16.6 KB
autoruns.csv
Time Entry Location Entry Enabled Category Profile Description Signer Company Image Path Version Launch String
20180511-155430 HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms Logon System-wide
19080610-140310 HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms rdpclip enabled Logon System-wide RDP Clipboard Monitor (Verified) Microsoft Windows Microsoft Corporation c:\windows\system32\rdpclip.exe 10.0.17134.1 rdpclip
20181128-035540 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit Logon System-wide
20350513-182711 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit C:\Windows\system32\userinit.exe enabled Logon System-wide Userinit Logon Application (Verified) Microsoft Windows Microsoft Corporation c:\windows\system32\userinit.exe 10.0.17134.1 C:\Windows\system32\userinit.exe
20181128-035540 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet Logon System-wide
19651010-021720 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet SystemPropertiesPerformance.exe enabled Logon System-wide Change Computer Performance Settings (Verified) Microsoft Windows Microsoft Corporation c:\windows\system32\systempropertiesperformance.exe 10.0.17134.1 SystemPropertiesPerformance.exe
20181128-035540 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Logon System-wide
20040217-054320 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell explorer.exe enabled Logon System-wide Windows Explorer (Verified) Microsoft Windows Microsoft Corporation c:\windows\explorer.exe 10.0.17134.165 explorer.exe
20180511-155430 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell Logon System-wide
19710108-084405 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell cmd.exe enabled Logon System-wide Windows Command Processor (Verified) Microsoft Windows Microsoft Corporation c:\windows\system32\cmd.exe 10.0.17134.1 cmd.exe
20181031-221241 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Logon System-wide
20151004-031430 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SecurityHealth enabled Logon System-wide Windows Defender notification icon (Verified) Microsoft Windows Microsoft Corporation c:\program files\windows defender\msascuil.exe 4.13.17134.1 %ProgramFiles%\Windows Defender\MSASCuiL.exe
20180608-041448 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run TechSmithSnagit enabled Logon System-wide Snagit (Verified) TechSmith Corporation TechSmith Corporation c:\program files\techsmith\snagit 2018\snagit32.exe 18.2.0.1511 ""C:\Program Files\TechSmith\Snagit 2018\Snagit32.exe"" /i
20170712-111503 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run VMware Netlink 3 HV Install Utility enabled Logon System-wide NetLink install tool (Verified) FabulaTech c:\program files\common files\vmware\deviceredirectioncommon\ftnliu.exe 3.1.3.27 C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe
20180103-224307 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Eraser enabled Logon System-wide Eraser (Verified) Heidi Computers Ltd The Eraser Project c:\program files\eraser\eraser.exe 6.2.0.2982 ""C:\Program Files\Eraser\Eraser.exe"" -atRestart
20150626-080852 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RTHDVCPL enabled Logon System-wide Realtek HD Audio Manager (Verified) Realtek Semiconductor Corp Realtek Semiconductor c:\program files\realtek\audio\hda\ravcpl64.exe 1.0.0.970 ""C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"" -s
19570414-113525 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Logitech Download Assistant enabled Logon System-wide Windows host process (Rundll32) (Verified) Microsoft Windows Microsoft Corporation c:\windows\system32\rundll32.exe 10.0.17134.1 C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
20181025-230014 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LogiPresentation enabled Logon System-wide Logi Presentation.exe (UNICODE) (Verified) Logitech Inc Logitech, Inc. c:\program files\logitech\logipresentation\logipresentation.exe 1.52.24.0 C:\Program Files\Logitech\LogiPresentation\LogiPresentation.exe
20181128-173325 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Logon System-wide
20150610-141624 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run IAStorIcon enabled Logon System-wide IAStorIcon (Verified) Intel Corporation ? Non-Volatile Memory Solutions Group Intel Corporation c:\program files (x86)\intel\intel(r) rapid storage technology enterprise\iastoricon.exe 4.3.0.1542 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
20170810-184225 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run DSATray enabled Logon System-wide Intel Driver Update Utility Tray (Verified) Intel(R) Driver Update Utility Intel c:\program files (x86)\intel driver update utility\dsatray.exe 2.9.0.2 C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe
20181106-130525 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Dropbox enabled Logon System-wide Dropbox (Verified) Dropbox, Inc Dropbox, Inc. c:\program files (x86)\dropbox\client\dropbox.exe 61.4.95.0 ""C:\Program Files (x86)\Dropbox\Client\Dropbox.exe"" /systemstartup
20160727-103614 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run PowerPanel Personal Edition User Interaction enabled Logon System-wide PowerPanel Personal Edition User Interaction (Verified) Cyber Power Systems, Inc. Cyber Power Systems, Inc. c:\program files (x86)\cyberpower powerpanel personal edition\pppeuser.exe 1.6.2.0 C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
20171127-204702 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Cisco AnyConnect Secure Mobility Agent for Windows enabled Logon System-wide Cisco AnyConnect User Interface (Verified) Cisco Systems, Inc. Cisco Systems, Inc. c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnui.exe 4.5.3040.0 ""C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe"" -minimized
20181121-092914 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run vmware-tray.exe enabled Logon System-wide VMware Tray Process (Verified) VMware, Inc. VMware, Inc. c:\program files (x86)\vmware\vmware workstation\vmware-tray.exe 15.0.2.40550 ""C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe""
20181025-140604 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run ConnectionCenter enabled Logon System-wide Citrix Connection Center (Verified) Citrix Systems, Inc. Citrix Systems, Inc. c:\program files (x86)\citrix\ica client\concentr.exe 18.10.0.20023 ""C:\Program Files (x86)\Citrix\ICA Client\concentr.exe"" /startup
20181025-140229 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Redirector enabled Logon System-wide Citrix FTA, URL Redirector (Verified) Citrix Systems, Inc. Citrix Systems, Inc. c:\program files (x86)\citrix\ica client\redirector.exe 18.10.0.20023 ""C:\Program Files (x86)\Citrix\ICA Client\redirector.exe"" /startup
20181006-030450 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Logon System-wide
20120510-023805 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup NETGEAR A6100 Genie.lnk enabled Logon System-wide Realtek RtlService Application (Verified) NETGEAR Realtek Semiconductor Corp. c:\program files (x86)\netgear\a6100\rtlservice.exe 700.1007.509.2012 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk
20181120-175233 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup SteelSeries Engine 3.lnk enabled Logon System-wide SteelSeries Engine 3 Core (Verified) SteelSeries ApS SteelSeries ApS c:\program files\steelseries\steelseries engine 3\steelseriesengine3.exe 3.13.3.0 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
20180613-225028 HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components Logon System-wide
19170613-040542 HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components Microsoft Windows Media Player enabled Logon System-wide Microsoft Windows Media Player Setup Utility (Verified) Microsoft Windows Microsoft Corporation c:\windows\system32\unregmp2.exe 12.0.17134.1 %SystemRoot%\system32\unregmp2.exe /ShowWMP
19170613-040542 HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components Microsoft Windows Media Player enabled Logon System-wide Microsoft Windows Media Player Setup Utility (Verified) Microsoft Windows Microsoft Corporation c:\windows\system32\unregmp2.exe 12.0.17134.1 %SystemRoot%\system32\unregmp2.exe /FirstLogon
19750408-124619 HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components Web Platform Customizations enabled Logon System-wide IE Per-User Initialization Utility (Verified) Microsoft Windows Microsoft Corporation c:\windows\system32\ie4uinit.exe 11.0.17134.254 C:\Windows\System32\ie4uinit.exe -UserConfig
19570414-113525 HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components n/a enabled Logon System-wide Windows host process (Rundll32) (Verified) Microsoft Windows Microsoft Corporation c:\windows\system32\rundll32.exe 10.0.17134.1 C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
20181115-050000 HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components Google Chrome enabled Logon System-wide Google Chrome Installer (Verified) Google Inc Google Inc. c:\program files (x86)\google\chrome\application\70.0.3538.110\installer\chrmstp.exe 70.0.3538.110 ""C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\Installer\chrmstp.exe"" --configure-user-settings --verbose-logging --system-level
20180511-155436 HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components Logon System-wide
19820812-130312 HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components Microsoft Windows Media Player enabled Logon System-wide Microsoft Windows Media Player Setup Utility (Verified) Microsoft Windows Microsoft Corporation c:\windows\syswow64\unregmp2.exe 12.0.17134.1 %SystemRoot%\system32\unregmp2.exe /ShowWMP
19820812-130312 HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components Microsoft Windows Media Player enabled Logon System-wide Microsoft Windows Media Player Setup Utility (Verified) Microsoft Windows Microsoft Corporation c:\windows\syswow64\unregmp2.exe 12.0.17134.1 %SystemRoot%\system32\unregmp2.exe /FirstLogon
19860130-114244 HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components n/a enabled Logon System-wide Windows host process (Rundll32) (Verified) Microsoft Windows Microsoft Corporation c:\windows\syswow64\rundll32.exe 10.0.17134.1 C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
20180511-155428 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib Logon System-wide
19020513-234732 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib IconCodecService.dll enabled Logon System-wide Converts a PNG part of the icon to a legacy bmp icon (Verified) Microsoft Windows Microsoft Corporation c:\windows\system32\iconcodecservice.dll 10.0.17134.1 IconCodecService.dll
20181121-012521 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Logon TEST\jhenderson
20181107-172308 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneDrive enabled Logon TEST\jhenderson Microsoft OneDrive (Verified) Microsoft Corporation Microsoft Corporation c:\users\jhenderson\appdata\local\microsoft\onedrive\onedrive.exe 18.192.920.15 ""C:\Users\jhenderson\AppData\Local\Microsoft\OneDrive\OneDrive.exe"" /background
20181115-050000 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GoogleChromeAutoLaunch_2FAF3F6EDBC740B00227E8AD7E656486 enabled Logon TEST\jhenderson Google Chrome (Verified) Google Inc Google Inc. c:\program files (x86)\google\chrome\application\chrome.exe 70.0.3538.110 ""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"" --no-startup-window /prefetch:5
20181126-201813 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Steam enabled Logon TEST\jhenderson Steam Client Bootstrapper (Verified) Valve Valve Corporation c:\program files (x86)\steam\steam.exe 4.83.53.91 ""C:\Program Files (x86)\Steam\steam.exe"" -silent
20181113-210701 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GoogleDriveFS enabled Logon TEST\jhenderson Google Drive File Stream (Verified) Google Inc Google, Inc. c:\program files\google\drive file stream\28.1.48.2039\googledrivefs.exe 28.1.48.2039 ""C:\Program Files\Google\Drive File Stream\28.1.48.2039\GoogleDriveFS.exe""
20161213-195358 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run com.squirrel.slack.slack enabled Logon TEST\jhenderson (Verified) Slack Technologies, Inc. c:\users\jhenderson\appdata\local\slack\update.exe 1.5.1.0 ""C:\Users\jhenderson\AppData\Local\slack\Update.exe"" --processStart ""slack.exe"" --process-start-args ""--startup""
20010117-201337 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Speech Recognition enabled Logon TEST\jhenderson Speech Recognition (Verified) Microsoft Windows Microsoft Corporation c:\windows\speech\common\sapisvr.exe 5.3.22011.0 ""C:\Windows\Speech\Common\sapisvr.exe"" -SpeechUX -Startup
20181112-042308 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Lync enabled Logon TEST\jhenderson Skype for Business (Verified) Microsoft Corporation Microsoft Corporation c:\program files (x86)\microsoft office\root\office16\lync.exe 16.0.11001.20108 ""C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe"" /fromrunkey
20130618-210149 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ZoomIt enabled Logon TEST\jhenderson Sysinternals Screen Magnifier (Verified) Microsoft Corporation Sysinternals - www.sysinternals.com c:\windows\system32\zoomit.exe 4.50.0.0 C:\WINDOWS\system32\zoomit.exe
20180127-124922 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Outlook Google Calendar Sync enabled Logon TEST\jhenderson OutlookGoogleCalendarSync (Not verified) Paul Woolcock Paul Woolcock c:\users\jhenderson\appdata\local\outlookgooglecalendarsync\app-2.7.0-beta\outlookgooglecalendarsync.exe 2.7.0.0 C:\Users\jhenderson\AppData\Local\OutlookGoogleCalendarSync\app-2.7.0-beta\OutlookGoogleCalendarSync.exe --delay 10
20180713-190234 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run com.squirrel.Teams.Teams enabled Logon TEST\jhenderson Update (Verified) Microsoft 3rd Party Application Component Microsoft Corporation c:\users\jhenderson\appdata\local\microsoft\teams\update.exe 1.4.4.0 C:\Users\jhenderson\AppData\Local\Microsoft\Teams\Update.exe --processStart ""Teams.exe"" --process-start-args ""--system-initiated""
20180728-183537 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HubSpot for Windows enabled Logon TEST\jhenderson c:\users\jhenderson\appdata\roaming\microsoft\windows\start menu\programs\hubspot\hubspot for windows.appref-ms C:\Users\jhenderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hubspot\HubSpot for Windows.appref-ms
20180701-111327 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run EasyTether enabled Logon TEST\jhenderson EasyTether Tray (Verified) Polyclef Software LLC Mobile Stream c:\program files\mobile stream\easytether\easytthr.exe 1.3.4.0 ""C:\Program Files\Mobile Stream\EasyTether\easytthr.exe""
20170925-144202 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run VivePCClient enabled Logon TEST\jhenderson Viveport Desktop (Verified) HTC Corp. HTC c:\program files (x86)\vivesetup\pcclient\vive.exe 1.1.3.21 ""C:\Program Files (x86)\ViveSetup\PCClient\Vive.exe"" /silent
20181026-042934 C:\Users\jhenderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Logon TEST\jhenderson
20170114-160101 C:\Users\jhenderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup GIGABYTE AORUS GRAPHICS ENGINE.lnk enabled Logon TEST\jhenderson c:\program files (x86)\gigabyte\aorus graphics engine\autorun.exe C:\Users\jhenderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE AORUS GRAPHICS ENGINE.lnk
20160529-093733 C:\Users\jhenderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup GIGABYTE XTREME GAMING ENGINE.lnk enabled Logon TEST\jhenderson (Verified) GIGA-BYTE TECHNOLOGY CO., LTD. c:\program files (x86)\gigabyte\xtreme gaming engine\autorun.exe C:\Users\jhenderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk
20181112-021442 C:\Users\jhenderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Send to OneNote.lnk enabled Logon TEST\jhenderson Send to OneNote Tool (Verified) Microsoft Corporation Microsoft Corporation c:\program files (x86)\microsoft office\root\office16\onenotem.exe 16.0.11001.20108 C:\Users\jhenderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk