How to find out how a program started on Windows
From what I have understood after researching on Google, there are two ways of how a program can start on Windows:
- Manual (The user doubled clicked on the executable or shortcut file of the program)
- Automatic:
- Started by another program
Automatic startup can be due to 4 reasons:
- A service, that should be installed
- the windows registry (HKCU\Software\Microsoft\Windows\CurrentVersion\Run)
- a shortcut to it to the startup folder of start menu
- task scheduler
However, I found an invisible window called: UNCServer.exe running on my computer.
I want to stop it but I couldn't find the reason why it is running. I checked everywhere on all the bullets points mentioned above but there is no luck.
Assuming that the task is running right now on my computer, is there a way to know how a program has started on Windows?
If you would use ProcessExplorer, you can find how program started:
From menu: go to View->Select column then switch to tab:Process Image
and check box Autostart location.
This way you can reveal what mechanism program used to autostart.
Make sure to run ProcessExplorer as administrator.
you can use Autoruns tool of Windows Sysinternals for this purpose.
On executing this tool, it will list everything which is automatically executed on your system. You can use search and filter to find what is causing UNCServer.exe to run on your system.
