Blog | G5 Cyber Security

Infected with malware? Check your Windows registry

Microsoft’s Sysinternals Autoruns program is hosted by Mark Russinovich and frequently updated by him and his team. The program has a great GUI that lets you quickly see (and disable) autorunning entries, send file hashes to VirusTotal.com for analysis, and run before-and-after comparisons. The real trick is figuring out which modifications are malicious and which are legitimate. It can be a great way to detect malware and alert responding resources. You need to enable auditing of the registry keys in the Windows event log.
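One way to enable the registry auditing mentioned above, as an added example that is not part of the original article. It assumes an elevated PowerShell session on an English-language Windows system; the two Run keys are chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Assumption: these two autorun keys are the ones to watch; extend the list as needed.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# 1. Enable the "Registry" audit subcategory so audit-rule hits reach the Security log.
#    (The subcategory name is localized; "Registry" assumes an English system.)
auditpol /set /subcategory:"Registry" /success:enable | Out-Null

# 2. Add an audit rule (SACL entry) to each key: log successful writes by any account.
$everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')  # Everyone
$rights   = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete'
foreach ($key in $keys) {
    $acl  = Get-Acl -Path $key -Audit
    $rule = [System.Security.AccessControl.RegistryAuditRule]::new(
        $everyone, $rights,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Success)
    $acl.AddAuditRule($rule)
    Set-Acl -Path $key -AclObject $acl
}

# 3. Review event 4657 ("A registry value was modified") for the audited keys.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4657 } `
             -MaxEvents 200 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        # Flatten the event's named EventData fields into a hashtable.
        ([xml]$evt.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time    = $evt.TimeCreated
            Key     = $data['ObjectName']
            Value   = $data['ObjectValueName']
            NewData = $data['NewValue']
            Process = $data['ProcessName']
            User    = $data['SubjectUserName']
        }
    } |
    Where-Object { $_.Key -like '*\CurrentVersion\Run*' } |
    Format-Table -AutoSize -Wrap
```

The process and user columns give the context needed to judge whether a new autorun entry came from a legitimate installer or from something unexpected.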

Source: https://www.csoonline.com/article/2894520/are-you-infected-with-malware-check-windows-registry-keys.html
