HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnce
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunServices
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Windows/AppInit_DLLs
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run
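Start menu Startup folder
Common file associations: .exe, .txt
Background services: services.msc
IE plug-ins (could an expert please explain what the following plug-in locations mean)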
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Extensions/CmdMapping
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Explorer Bars
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/MenuExt
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Toolbar/ShellBrowser
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Toolbar/WebBrowser
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/URLSearchHooks
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/Explorer Bars
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/Extensions
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/Toolbar
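An Autorun.inf file in the root directory of a drive, which points to the virus body; it is usually hidden, and double-clicking the drive to open it infects the machine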
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon
Also HKEY_CURRENT_USER/Software/Microsoft/Windows NT/CurrentVersion/Windows/load
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Userinit
The following are all the locations that Autoruns checks; any of them can be used for startup:
HKLM/System/CurrentControlSet/Control/Terminal Server/Wds/rdpwd/StartupPrograms
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/AppSetup
HKLM/Software/Policies/Microsoft/Windows/System/Scripts/Startup
HKCU/Software/Policies/Microsoft/Windows/System/Scripts/Logon
HKLM/Software/Policies/Microsoft/Windows/System/Scripts/Logon
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Userinit
HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/System/Shell
HKCU/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Shell
HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/System/Shell
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Shell
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Taskman
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/TerminalServer/Install/Software/Microsoft/Windows/CurrentVersion/Runonce
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/TerminalServer/Install/Software/Microsoft/Windows/CurrentVersion/RunonceEx
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/TerminalServer/Install/Software/Microsoft/Windows/CurrentVersion/Run
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnceEx
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnce
D:/Documents and Settings/All Users.WINDOWS/「开始」菜单/程序/启动
D:/Documents and Settings/username/「开始」菜单/程序/启动
HKCU/Software/Microsoft/Windows NT/CurrentVersion/Windows/Load
HKCU/Software/Microsoft/Windows NT/CurrentVersion/Windows/Run
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/Explorer/Run
HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/Run
HKCU/Software/Microsoft/Windows/CurrentVersion/Run
HKCU/Software/Microsoft/Windows/CurrentVersion/RunOnce
HKCU/SOFTWARE/Microsoft/Windows NT/CurrentVersion/TerminalServer/Install/Software/Microsoft/Windows/CurrentVersion/Runonce
HKCU/SOFTWARE/Microsoft/Windows NT/CurrentVersion/TerminalServer/Install/Software/Microsoft/Windows/CurrentVersion/RunonceEx
HKCU/SOFTWARE/Microsoft/Windows NT/CurrentVersion/TerminalServer/Install/Software/Microsoft/Windows/CurrentVersion/Run
HKLM/SOFTWARE/Classes/Protocols/Filter
HKLM/SOFTWARE/Classes/Protocols/Handler
HKCU/SOFTWARE/Microsoft/Internet Explorer/Desktop/Components
HKLM/SOFTWARE/Microsoft/Active Setup/Installed Components
HKCU/SOFTWARE/Microsoft/Active Setup/Installed Components
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/SharedTaskScheduler
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/ShellServiceObjectDelayLoad
HKCU/SOFTWARE/Microsoft/Windows/CurrentVersion/ShellServiceObjectDelayLoad
HKLM/Software/Microsoft/Windows/CurrentVersion/Explorer/ShellExecuteHooks
HKLM/Software/Microsoft/Windows/CurrentVersion/Shell Extensions/Approved
HKCU/Software/Microsoft/Windows/CurrentVersion/Shell Extensions/Approved
HKLM/Software/Classes/Folder/Shellex/ColumnHandlers
HKLM/Software/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects
HKCU/Software/Microsoft/Internet Explorer/UrlSearchHooks
HKLM/Software/Microsoft/Internet Explorer/Toolbar
HKCU/Software/Microsoft/Internet Explorer/Explorer Bars
HKLM/Software/Microsoft/Internet Explorer/Explorer Bars
HKCU/Software/Microsoft/Internet Explorer/Extensions
HKLM/Software/Microsoft/Internet Explorer/Extensions
HKLM/System/CurrentControlSet/Services
HKLM/System/CurrentControlSet/Control/Session Manager/BootExecute
HKLM/Software/Microsoft/Windows NT/CurrentVersion/Image File Execution Options
HKLM/Software/Microsoft/Command Processor/Autorun
HKCU/Software/Microsoft/Command Processor/Autorun
HKLM/SOFTWARE/Classes/Exefile/Shell/Open/Command/(Default)
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Windows/Appinit_Dlls
HKLM/System/CurrentControlSet/Control/Session Manager/KnownDlls
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/System
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/UIHost
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Notify
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/GinaDLL
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Taskman
HKCU/Control Panel/Desktop/Scrnsave.exe
HKLM/System/CurrentControlSet/Control/BootVerificationProgram/ImageName
HKLM/System/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9
HKLM/SYSTEM/CurrentControlSet/Control/Print/Monitors
HKLM/SYSTEM/CurrentControlSet/Control/Lsa/Authentication Packages
HKLM/SYSTEM/CurrentControlSet/Control/Lsa/Notification Packages
HKLM/SYSTEM/CurrentControlSet/Control/Lsa/Security Packages
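A read-only audit of a few of the locations listed above, as an added example that is not part of the original page: it dumps the Run/RunOnce values and flags Winlogon Shell, Winlogon Userinit and AppInit_DLLs when they differ from a stock install. The expected-value patterns assume Windows is installed in a directory named Windows; the variable names are illustrative.

```powershell
# Added example: audit a subset of the autostart locations listed on this page.
# Read-only; run from an elevated prompt so every HKLM value is visible.

# Keys in which every value is a command line launched at logon.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Single values with a well-known stock setting; anything else deserves review.
# Assumption: Windows lives in <drive>:\Windows.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$windows  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$expected = @(
    @{ Key = $winlogon; Name = 'Shell';        Pattern = '^explorer\.exe$' },
    @{ Key = $winlogon; Name = 'Userinit';     Pattern = '^[A-Za-z]:\\Windows\\system32\\userinit\.exe,?$' },
    @{ Key = $windows;  Name = 'AppInit_DLLs'; Pattern = '^\s*$' }
)

# Enumerate every value under the Run-style keys (missing keys are skipped).
$report = @(foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Data = $item.GetValue($name); Review = $false }
    }
})

# Compare the single-value locations against their stock settings.
$report += @(foreach ($e in $expected) {
    $item = Get-Item -LiteralPath $e.Key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $data = [string]$item.GetValue($e.Name)
    [pscustomobject]@{ Key = $e.Key; Name = $e.Name; Data = $data; Review = ($data -notmatch $e.Pattern) }
})

# Rows that differ from the stock value sort to the top.
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries under the Run keys are listed without a verdict, since legitimate software uses them too; compare them against a known-good baseline of the same machine image.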
Reference: