PacodiazDG/gist:162b26bc65deed5b05050a6111ca567f

## gistfile1.txt
1)  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
2)  HKLM\System\CurrentControlSet\Services  (start value of 0 indicates kernel drivers, which load before kernel initiation)
3)  HKLM\System\CurrentControlSet\Services (start value of 2, auto-start and 3, manual start via SCM)
4)  HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
5)  HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
6)  HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
7)  HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
8)  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
9)  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
10) HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
11) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
12) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
13) HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
14) HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
15) HKLM\Software\Microsoft\Windows\CurrentVersion\Run
16) HKCU\Software\Microsoft\Windows\CurrentVersion\Run
17) HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
18) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
19) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
20) HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
21) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
22) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler (XP, NT, W2k only)
23) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
	1) HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
	2) HKLM\System\CurrentControlSet\Services (start value of 0 indicates kernel drivers, which load before kernel initiation)
	3) HKLM\System\CurrentControlSet\Services (start value of 2, auto-start and 3, manual start via SCM)
	4) HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
	5) HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
	6) HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
	7) HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
	8) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
	9) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
	10) HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
	11) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
	12) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
	13) HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
	14) HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
	15) HKLM\Software\Microsoft\Windows\CurrentVersion\Run
	16) HKCU\Software\Microsoft\Windows\CurrentVersion\Run
	17) HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
	18) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
	19) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
	20) HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
	21) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
	22) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler (XP, NT, W2k only)
	23) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs