|
well hklm\ and or hkcu
\softawre\microsoft\windows\
has runonce and runonce ex keys
they are accessed on boot and run
so you have set a key like cmd \c del blah.exe
it wil run cmd and delte the file during boot
also in this key there is a value PendingFileRenameoperation it takes HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
this key takes multiple file names as arguments and deletes them all during next reboot
|