
Launch Points

Here are the registry keys, INI-file sections, files and folders that are checked by Silent Runners and the Operating Systems (OS’s) to which they apply:

 

Item Checked   OS

1. HKCU\Control Panel\Desktop\SCRNSAVE.EXE NT4+
2. HKCU\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\
HKCU\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021494-0000-0000-C000-000000000046}\
W2K+
3. HKCU\Software\Classes\.bat\shell\subkey\command\
HKCU\Software\Classes\.bat\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.cmd\shell\subkey\command\
HKCU\Software\Classes\.cmd\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.com\shell\subkey\command\
HKCU\Software\Classes\.com\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.exe\shell\subkey\command\
HKCU\Software\Classes\.exe\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.hta\shell\subkey\command\
HKCU\Software\Classes\.hta\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.pif\shell\subkey\command\
HKCU\Software\Classes\.pif\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\.scr\shell\subkey\command\
HKCU\Software\Classes\.scr\shell\subkey\ddeexec\
W2K+
 
 
  HKCU\Software\Classes\batfile\shell\subkey\command\
HKCU\Software\Classes\batfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\cmdfile\shell\subkey\command\
HKCU\Software\Classes\cmdfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\comfile\shell\subkey\command\
HKCU\Software\Classes\comfile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\exefile\shell\subkey\command\
HKCU\Software\Classes\exefile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\htafile\shell\subkey\command\
HKCU\Software\Classes\htafile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\piffile\shell\subkey\command\
HKCU\Software\Classes\piffile\shell\subkey\ddeexec\
W2K+
  HKCU\Software\Classes\scrfile\shell\subkey\command\
HKCU\Software\Classes\scrfile\shell\subkey\ddeexec\
W2K+
4. HKCU\Software\Classes\*\shellex\ColumnHandlers\
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
HKCU\Software\Classes\*\shellex\CopyHookHandlers\
HKCU\Software\Classes\*\shellex\DragDropHandlers\
HKCU\Software\Classes\*\shellex\PropertySheetHandlers\

HKCU\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Directory\shellex\ColumnHandlers\
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Directory\shellex\CopyHookHandlers\
HKCU\Software\Classes\Directory\shellex\DragDropHandlers\
HKCU\Software\Classes\Directory\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Directory\Background\shellex\ColumnHandlers\
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Directory\Background\shellex\CopyHookHandlers\
HKCU\Software\Classes\Directory\Background\shellex\DragDropHandlers\
HKCU\Software\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Folder\shellex\ColumnHandlers\
HKCU\Software\Classes\Folder\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Folder\shellex\CopyHookHandlers\
HKCU\Software\Classes\Folder\shellex\DragDropHandlers\
HKCU\Software\Classes\Folder\shellex\PropertySheetHandlers\
W2K+
5. HKCU\Software\Classes\PROTOCOLS\Filter\ W2K+
6. HKCU\Software\Classes\PROTOCOLS\Handler\ W2K+
7. HKCU\Software\Microsoft\Command Processor\AutoRun NT4+
8. HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ All
9. HKCU\Software\Microsoft\Internet Explorer\Extensions\ All
10. HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ All
11. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ All
12. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\Application
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\Application
WMe/W2K/WXP
  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\ProgID
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\ProgID
WXP
13. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ W2K+
14. HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\ WVa+
15. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ WMe/W2K+
16. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\any subkey\ WMe/W2K
17. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell W2K+
18. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ All
19. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\any subkey\ W2K
20. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ All
21. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\any subkey\ W2K
22. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ All
23. HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ All
24. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration WVa+
25. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
NT4/W2K/WXP/WVa
26. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell NT4+
27. HKCU\Software\Policies\Microsoft\Windows\System\Scripts\ W2K/WXP
28. HKLM\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021493-0000-0000-C000-000000000046}\
HKLM\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021494-0000-0000-C000-000000000046}\
All
29. HKLM\Software\Classes\.bat\shell\subkey\command\
HKLM\Software\Classes\.bat\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.cmd\shell\subkey\command\
HKLM\Software\Classes\.cmd\shell\subkey\ddeexec\
NT4+
  HKLM\Software\Classes\.com\shell\subkey\command\
HKLM\Software\Classes\.com\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.exe\shell\subkey\command\
HKLM\Software\Classes\.exe\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.hta\shell\subkey\command\
HKLM\Software\Classes\.hta\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.pif\shell\subkey\command\
HKLM\Software\Classes\.pif\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\.scr\shell\subkey\command\
HKLM\Software\Classes\.scr\shell\subkey\ddeexec\
All
 
 
  HKLM\Software\Classes\batfile\shell\subkey\command\
HKLM\Software\Classes\batfile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\cmdfile\shell\subkey\command\
HKLM\Software\Classes\cmdfile\shell\subkey\ddeexec\
NT4+
  HKLM\Software\Classes\comfile\shell\subkey\command\
HKLM\Software\Classes\comfile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\exefile\shell\subkey\command\
HKLM\Software\Classes\exefile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\htafile\shell\subkey\command\
HKLM\Software\Classes\htafile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\piffile\shell\subkey\command\
HKLM\Software\Classes\piffile\shell\subkey\ddeexec\
All
  HKLM\Software\Classes\scrfile\shell\subkey\command\
HKLM\Software\Classes\scrfile\shell\subkey\ddeexec\
All
30. HKLM\Software\Classes\*\shellex\ColumnHandlers\
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
HKLM\Software\Classes\*\shellex\CopyHookHandlers\
HKLM\Software\Classes\*\shellex\DragDropHandlers\
HKLM\Software\Classes\*\shellex\PropertySheetHandlers\

HKLM\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKLM\Software\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

HKLM\Software\Classes\Directory\shellex\ColumnHandlers\
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Directory\shellex\CopyHookHandlers\
HKLM\Software\Classes\Directory\shellex\DragDropHandlers\
HKLM\Software\Classes\Directory\shellex\PropertySheetHandlers\

HKLM\Software\Classes\Directory\Background\shellex\ColumnHandlers\
HKLM\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Directory\Background\shellex\CopyHookHandlers\
HKLM\Software\Classes\Directory\Background\shellex\DragDropHandlers\
HKLM\Software\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
HKLM\Software\Classes\Folder\shellex\CopyHookHandlers\
HKLM\Software\Classes\Folder\shellex\DragDropHandlers\
HKLM\Software\Classes\Folder\shellex\PropertySheetHandlers\
All
31. HKLM\Software\Classes\PROTOCOLS\Filter\ All
32. HKLM\Software\Classes\PROTOCOLS\Handler\ All
33. HKLM\Software\Microsoft\Active Setup\Installed Components\ All
34. HKLM\Software\Microsoft\Command Processor\AutoRun NT4+
35. HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ All
36. HKLM\Software\Microsoft\Internet Explorer\Extensions\ All
37. HKLM\Software\Microsoft\Internet Explorer\Toolbar\ All
38. HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\ WVa+
39. HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ WVa+
40. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ WXP+
41. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ All
42. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\ WVa+
43. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ All
44. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ All
45. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ All
46. HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\ WVa+
47. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ WMe/W2K+
48. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\any subkey\ WMe/W2K
49. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ All
50. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\any subkey\ W2K
51. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ All
52. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\any subkey\ W2K
53. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ All
54. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ All
55. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ W9x
56. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ W9x
57. HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ All
58. HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ All
59. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration WVa+
60. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\ W2K (6)
61. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Aedebug\ NTx
62. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ NTx
63. HKLM\Software\Microsoft\Windows NT\CurrentVersion\InitFileMapping\ NT4+
64. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs NT4+
65. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
NT4+
66. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ W2K/WXP
67. HKLM\Software\Policies\Microsoft\Windows\System\Scripts\ W2K/WXP
68. HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension Wn7
69. HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath NT4+
70. HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters W2K+
71. HKLM\System\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\System\CurrentControlSet\Control\Lsa\Security Packages
NT4+
72. HKLM\System\CurrentControlSet\Control\Print\Monitors\ All
73. HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell
HKLM\System\CurrentControlSet\Control\SafeBoot\Option\UseAlternateShell
W2K+
74. HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders All
75. HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
NT4+
76. HKLM\System\CurrentControlSet\Control\WOW\cmdline
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
NTx
77. HKLM\System\CurrentControlSet\Services\ NT4+
78. HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
All
79. %WINDIR%\WIN.INI [windows] load=, run= W9x
80. %WINDIR%\SYSTEM.INI [boot] shell=, scrnsave.exe= W9x
81. %WINDIR%\WINSTART.BAT W9x (2)
82. [Local Fixed Disk]\AUTORUN.INF open=, shellexecute= All (3)
83. [Local Fixed Disk]\[Any Folder with “S” Attribute]\DESKTOP.INI [.ShellClassInfo] CLSID= / UICLSID= All (1)
84. %WINDIR%\All Users\Start Menu\Programs\Startup\ W9x
85. %WINDIR%\Start Menu\Programs\Startup\ W9x
86. %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ NTx
87. %USERPROFILE%\Start Menu\Programs\Startup\ NTx
88. %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\ WVa+
89. %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ WVa+
90. %USERPROFILE%\AppData\Local\Microsoft\Windows Sidebar\Settings.ini WVa+
91. %WINDIR%\Tasks\ W9x/NTx
92. %WINDIR%\System32\Tasks\ WVa+

Hijack Points

These registry keys and files can be used to redirect the desktop, network and Internet Explorer:

Item Checked   O/S
1. HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\ W9x/NTx
2. HKCU\Software\Microsoft\Internet Explorer\Main\ All (4)
3. HKCU\Software\Microsoft\Internet Explorer\SearchURL\ All (4)
4. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ All
5. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState W9x/NTx
6. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ All
7. HKCU\Software\Policies\Microsoft\Internet Explorer\ All
8. HKCU\Software\Policies\Microsoft\Windows\ All
9. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ W2K+
10. HKLM\Software\Microsoft\Internet Explorer\Main\ All (4)
11. HKLM\Software\Microsoft\Internet Explorer\Search\ All (4)
12. HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ All
13. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ All
14. HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\ All
15. HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\ All
16. HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\ WXP+
17. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath NT4+
18. %WINDIR%\HOSTS W9x
%WINDIR%\System32\drivers\etc\HOSTS NT4+
19. %WINDIR%\INF\IERESET.INF Note 5
 
W9x: Windows 95, Windows 98 (Standard Edition), Windows 98 SE (Second Edition), and Windows Me (Millennium Edition)
NTx: Windows NT 4.0, Windows 2000, and Windows XP
NT4+: Windows NT 4.0, Windows 2000, Windows XP, Windows Vista, and Windows 7
W2K+: Windows 2000, Windows XP, Windows Vista, and Windows 7
WXP+: Windows XP, Windows Vista, and Windows 7
WVa+: Windows Vista and Windows 7
(1): launch point checked by answering “No” at the script’s first message box and “Yes” at the message box that follows it, or by using the “-supp” or “-all” command-line parameters
(2): excluding Windows Me
(3): excluding Windows Me, Windows XP SP2/SP3, Windows Vista, and Windows 7
(4): not checked by Silent Runners – reset by IERESET.INF (except Windows Vista and Windows 7)
(5): Internet Explorer 5.01, 5.5 & 6.0 only
(6): only active if UtilMan service running


Last Updated: 09 November 2009
Copyright 2009 by Andrew Aronoff