对安全有威胁的注册表位置&WINDOWS自动启动键值详解 贴出(规则支持通配符*),供大家参考: 自动运行 ------------------------- HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run*** HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Run*** HKEY_LOCAL_MACHINE/System/*controlset*/Control/Session managerBootExecute HKEY_CURRENT_USER/Software/Microsoft/Windows nt/Currentversion/Windowsload HKEY_CURRENT_USER/Software/Microsoft/Windows nt/Currentversion/Windowsrun HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Policies/Explorer/Run* HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Policies/Explorer/Run* HKEY_CURRENT_USER/Software/Policies/Microsoft/Windows/System/Scripts* HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Explorer/Shell foldersStartup HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Runonce* HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runonce* HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runonceex* HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runservices* HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Shell foldersCommon Startup HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/User shell foldersCommon Startup HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Explorer/User shell foldersStartup HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Inifilemapping** 驱动/服务相关 ---------------------------- HKEY_LOCAL_MACHINE/System/*controlset*/Services/* HKEY_LOCAL_MACHINE/System/*controlset*/Services/*imagepath HKEY_LOCAL_MACHINE/System/*controlset*/Control/Safeboot*** HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Shellserviceobjectdelayload** 文件关联 ------------------------- HKEY_CLASSES_ROOT/Exefile/Shell/Open/Command* HKEY_CLASSES_ROOT/Comfile/Shell/Open/Command* HKEY_CLASSES_ROOT/Batfile/Shell/Open/Command* HKEY_CLASSES_ROOT/Piffile/Shell/Open/Command* HKEY_CLASSES_ROOT/.bat* HKEY_CLASSES_ROOT/.cmd* HKEY_CLASSES_ROOT/.exe* HKEY_CLASSES_ROOT/.txt* HKEY_CLASSES_ROOT/.pif* HKEY_CLASSES_ROOT/Txtfile/Shell/Open/Command* HKEY_CLASSES_ROOT/.com* HKEY_CLASSES_ROOT/Comfile* HKEY_CLASSES_ROOT/.reg* HKEY_CLASSES_ROOT/Regfile/Shell/Open/Command* HKEY_CLASSES_ROOT/.inf* HKEY_CLASSES_ROOT/Inffile/Shell/Open/Command* HKEY_CLASSES_ROOT/.hlp* HKEY_CLASSES_ROOT/Hlpfile/Shell/Open/Command* HKEY_CLASSES_ROOT/.chm* HKEY_CLASSES_ROOT/Chm.file/Shell/Open/Command* 网络保护 ----------------------- HKEY_LOCAL_MACHINE/System/*controlset*/Services/Winsock2*** HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Policies/Network* HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Policies/Network* HKEY_LOCAL_MACHINE/System/*controlset*/Services/Tcpip/ParametersDataBasePath HKEY_LOCAL_MACHINE/System/*controlset*/Services/Tcpip/Parameters/Interfaces*** HKEY_LOCAL_MACHINE/Software/Policies/Microsoft/Windows/Windowsupdate** HKEY_LOCAL_MACHINE/Software/Policies/Microsoft/Windowsfirewall*** HKEY_CURRENT_USER/Software/Policies/Microsoft/Windows/Windowsupdate** HKEY_CURRENT_USER/Software/Policies/Microsoft/Windowsfirewall*** HKEY_LOCAL_MACHINE/System/Currentcontrolset/Services/Sharedaccess/Parameters/Firewallpolicy* 特殊注册表项目 ----------------------- HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/WindowsAppInit_DLLs HKEY_LOCAL_MACHINE/System/*controlset*/Control/Session manager*FileRenameOpe... HKEY_CURRENT_USER/Control panel/Don';t load* HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Control panel/Don';t load* HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Policies/System* HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Policies/System* HKEY_CURRENT_USER/Control panel/Desktopscrnsave.exe HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Image file execution options*** HKEY_LOCAL_MACHINE/Software/Microsoft/Security center* HKEY_LOCAL_MACHINE/Software/Policies/Microsoft/Windows/Safer/Codeidentifiers/0/Paths* HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Shellexecutehooks** HKEY_CURRENT_USER/Software/Microsoft/Command processorAutorun HKEY_LOCAL_MACHINE/Software/Microsoft/Command processorAutoRun HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Policies* HKEY_CLASSES_ROOT/Clsid/{e6fb5e20-de35-11cf-9c87-00aa005127ed}* HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon/Notify** HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Sharedtaskscheduler** HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Svchost** |
作者: ![]() |
回 复:浏览器保护 |
|
流氓及恶意程序保护
------------------------------------
HKEY_CLASSES_ROOT/Cns**
HKEY_CURRENT_USER/Software/3721 *
HKEY_LOCAL_MACHINE/Software/3721 *
HKEY_LOCAL_MACHINE/Software/Classes/Cns* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run/Helper.dll*
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Menuext/!搜一搜 *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Advancedoptions/!cns*
HKEY_LOCAL_MACHINE/System/Controlset*/Enum/Root/Legacy_cnsmink*
HKEY_LOCAL_MACHINE/System/Controlset*/Services/Cnsminkp *
HKEY_CLASSES_ROOT/Assist* *
HKEY_CLASSES_ROOT/Autolive* *
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Main/Cns* *
HKEY_CLASSES_ROOT/Adkiller* *
HKEY_LOCAL_MACHINE/Software/Classes/Adkiller**
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Activex compatibility/{1b0e7716-898e-4...*
HKEY_CLASSES_ROOT/Coolbar**
HKEY_LOCAL_MACHINE/Software/Classes/Coolbar* *
HKEY_CURRENT_USER/Software/Yahoo*
HKEY_LOCAL_MACHINE/Software/Yahoo*
HKEY_CLASSES_ROOT/Zschkfile*
HKEY_CLASSES_ROOT/Ebay**
HKEY_USERS/S-1-5-**/Software/Microsoft/Internet explorer/Menuext/*ebay**
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run/Ebay* *
HKEY_CLASSES_ROOT/Applications/Pig* *
HKEY_LOCAL_MACHINE/Software/Classes/Applications/Pig**
HKEY_LOCAL_MACHINE/Software/Miranda *
HKEY_USERS/S-1-5-*/Software/Bcgp appwizard-generated applications/网络猪*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run/Pig**
HKEY_CLASSES_ROOT/Pig* *
HKEY_CURRENT_USER/Software/Pig**
HKEY_LOCAL_MACHINE/Software/Classes/Pig**
HKEY_CLASSES_ROOT/Filetransferprogressbar* *
HKEY_CLASSES_ROOT/Gif89.gif89* *
HKEY_LOCAL_MACHINE/Software/Classes/Gif89**
HKEY_CLASSES_ROOT/360**
HKEY_CLASSES_ROOT/Hugi**
HKEY_LOCAL_MACHINE/Software/360so*
HKEY_LOCAL_MACHINE/Software/Classes/360main* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run 360Main*.exe
HKEY_LOCAL_MACHINE/Software/Baidu *
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Menuext/百度**
HKEY_CLASSES_ROOT/Baidu**
HKEY_CURRENT_USER/Software/Baidu *
HKEY_LOCAL_MACHINE/Software/Classes/Mimefilter**
HKEY_CLASSES_ROOT/Mimefilter* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Browser helper object...*
HKEY_LOCAL_MACHINE/Software/Blogchina*
HKEY_CLASSES_ROOT/Bocai**
HKEY_LOCAL_MACHINE/Software/Classes/Bocai* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Toolbar/{4da2ee61-6399-4c39-aeb9-0d... *
HKEY_LOCAL_MACHINE/System/Currentcontrolset/Services/Cdn**
HKEY_CURRENT_USER/Software/Cnnic *
HKEY_LOCAL_MACHINE/Software/Cnnic *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Advancedoptions/Cdnclient *
HKEY_CLASSES_ROOT/Cdn* *
HKEY_CLASSES_ROOT/Mailparsersvr**
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Extensions/{35980f6e-a137-4e50-953d... *
HKEY_LOCAL_MACHINE/System/*controlset*/Enum/Root/Legacy_cdnprot *
HKEY_CLASSES_ROOT/Applications/Dudu* *
HKEY_CLASSES_ROOT/Ddd* *
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Menuext/&使用dudu 加速器下载 *
HKEY_LOCAL_MACHINE/Software/Dudu*
HKEY_USERS/S-1-5-*/Software/Microsoft/Internet explorer/Menuext/&使用dudu 加速器下载 *
HKEY_CLASSES_ROOT/Xpwindow**
HKEY_CLASSES_ROOT/Applications/Henbang**
HKEY_LOCAL_MACHINE/Software/Classes/Applications/Henbang* *
HKEY_CLASSES_ROOT/Downloadstart**
HKEY_LOCAL_MACHINE/Software/Classes/Downloadstart* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Browser helper object...*
HKEY_CLASSES_ROOT/Monitor.urlmonitor**
HKEY_LOCAL_MACHINE/Software/Classes/Monitor.urlmonitor* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Browser helper object...*
HKEY_LOCAL_MACHINE/Software/World2 *
HKEY_LOCAL_MACHINE/Software/Classes/Hugi* *
HKEY_CLASSES_ROOT/Yisou**
HKEY_CURRENT_USER/Software/Yisou**
HKEY_LOCAL_MACHINE/Software/3721/Yisou *
HKEY_LOCAL_MACHINE/Software/Classes/Yisoubar* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Browser helper object...*
HKEY_LOCAL_MACHINE/Software/Yisou*
HKEY_CLASSES_ROOT/Searchm**
HKEY_LOCAL_MACHINE/Software/Classes/Searchm* *
HKEY_CLASSES_ROOT/Clsid/{141a5e19-bdcb-4e27-a3d7-9e16503bc05b}*
HKEY_CLASSES_ROOT/Clsid/{1b0e7716-898e-48cc-9690-4e338e8de1d3}*
HKEY_CLASSES_ROOT/Clsid/{7ca83cf1-3aea-42d0-a4e3-1594fc6e48b2} *
HKEY_CLASSES_ROOT/Clsid/{9eb2b422-c9ee-46c4-a471-1e79c7517b1d}*
HKEY_CLASSES_ROOT/Clsid/{abec6103-f6ac-43a3-834f-fb03fba339a2} *
HKEY_CLASSES_ROOT/Clsid/{b83fc273-3522-4cc6-92ec-75cc86678da4}*
HKEY_CLASSES_ROOT/Clsid/{bb936323-19fa-4521-ba29-eca6a121bc78} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{141a5e19-bdcb-4e27-a3d7-9e16503bc05b} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{1b0e7716-898e-48cc-9690-4e338e8de1d3} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{38928d50-8a48-44c2-945f-d2f23f771410}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{7ca83cf1-3aea-42d0-a4e3-1594fc6e48b2}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{9eb2b422-c9ee-46c4-a471-1e79c7517b1d} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{abec6103-f6ac-43a3-834f-fb03fba339a2}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{b83fc273-3522-4cc6-92ec-75cc86678da4} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{bb936323-19fa-4521-ba29-eca6a121bc78}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{57421194-58fb-49ae-9b4f-fd48869b9ad4}*
HKEY_CLASSES_ROOT/Clsid/{57421194-58fb-49ae-9b4f-fd48869b9ad4} *
HKEY_CLASSES_ROOT/Clsid/{406f94f0-504f-4a40-8dfd-58b0666abebd}*
HKEY_CLASSES_ROOT/Clsid/{fe3ecae7-0a37-4506-8a7d-3cc9a04d2ca8}*
HKEY_CLASSES_ROOT/Clsid/{38928d50-8a48-44c2-945f-d2f23f771410} *
HKEY_CLASSES_ROOT/Clsid/{17f1c8e8-b99b-4d85-927b-a0ee7290455a} *
HKEY_CLASSES_ROOT/Clsid/{af53d70e-29df-443a-92aa-9c314af5871e} *
HKEY_CLASSES_ROOT/Clsid/{22d8e815-4a5e-4dfb-845e-aab64207f5bd}*
HKEY_CLASSES_ROOT/Clsid/{92085ad4-f48a-450d-bd93-b28cc7df67ce} *
HKEY_CLASSES_ROOT/Clsid/{b7856497-7097-424a-b03c-557aca6477b4}*
HKEY_CLASSES_ROOT/Clsid/{bc0fa0e8-0e7a-4836-b6ea-6e6880f4522c}*
HKEY_CLASSES_ROOT/Clsid/{28d47530-cf84-11d1-834c-00a0249f0c28} *
HKEY_CLASSES_ROOT/Clsid/{4b946315-e88c-4fe9-9c51-d9277ba85acc}*
HKEY_CLASSES_ROOT/Clsid/{b580cf65-e151-49c3-b73f-70b13fca8e86}*
HKEY_CLASSES_ROOT/Clsid/{a7f05ee4-0426-454f-8013-c41e3596e9e9}*
HKEY_CLASSES_ROOT/Clsid/{fe14f22e-be14-4f08-a80f-f27bc3a67b2d}*
HKEY_CLASSES_ROOT/Clsid/{4da2ee61-6399-4c39-aeb9-0d990e610d29} *
HKEY_CLASSES_ROOT/Clsid/{461a86f7-a29d-460a-80d5-52979aa6c46d} *
HKEY_CLASSES_ROOT/Clsid/{9a578c98-3c2f-4630-890b-fc04196ef420}*
HKEY_CLASSES_ROOT/Clsid/{d449eb58-55af-4695-b216-895d546aed89}*
HKEY_CLASSES_ROOT/Clsid/{35980f6e-a137-4e50-953d-813bb8556899}*
HKEY_CLASSES_ROOT/Clsid/{8135ef31-fe8c-4c6e-a18a-f59944c3a488}*
HKEY_CLASSES_ROOT/Clsid/{915e63f4-4733-401e-8556-6559b30a4c5a} *
HKEY_CLASSES_ROOT/Clsid/{6bde1669-b490-48e3-b668-456314f2d6c3} *
HKEY_CLASSES_ROOT/Clsid/{ffd95f65-f5e4-4ab8-b7f9-f61f13878a04}*
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Extensions/{3db9f45e-aa74-4373-a466... *
HKEY_CLASSES_ROOT/Clsid/{2d6f6bff-1796-4779-9ba3-5f20f17e5cea}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{2d6f6bff-1796-4779-9ba3-5f20f17e5cea} *
HKEY_CLASSES_ROOT/Clsid/{616d4040-5712-4f0f-bcf1-5c6420a99e14}*
HKEY_CLASSES_ROOT/Clsid/{3ed9ffda-79db-4b2d-99b7-16ea3c4a3a92}*
HKEY_CLASSES_ROOT/Clsid/{f43bd772-abdd-43b7-a96a-3e9e61946ec0} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{f43bd772-abdd-43b7-a96a-3e9e61946ec0}*
HKEY_CLASSES_ROOT/Clsid/{115f6e46-fcbc-41ed-b3b5-3bddd4aab5e5}*
HKEY_CLASSES_ROOT/Clsid/{db4f72f5-fa97-4424-a8cd-758feae6861f}*
HKEY_CLASSES_ROOT/Clsid/{ef1d17a9-089f-40cc-8d64-7324cdeba0db} *
HKEY_CLASSES_ROOT/Clsid/{594be7b2-23b0-4fae-a2b9-0c21cc1417ce}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{594be7b2-23b0-4fae-a2b9-0c21cc1417ce} *
HKEY_LOCAL_MACHINE/Software/Stdup *
HKEY_CURRENT_USER/Software/Stdup *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Activex compatibility/{9a578c98-3c2f-46...*
HKEY_LOCAL_MACHINE/System/Currentcontrolset/Services/Universal disk manager *
系统初始化及用户登录
---------------------------
HKEY_CURRENT_USER/Software/Microsoft/Windows nt/Currentversion/Winlogon GinaDLL
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon taskman
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon Shell
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon/Notify* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon System
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon Userinit
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon VmApplet
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon *
RunDll32 应用程序规则
--------------------------
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Run *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runonce *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runonceex *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runservices *
HKEY_USERS/.default/Software/Microsoft/Windows/Currentversion/Run *
WINDOWS自动启动键值详解
我们经常会遇到许多不请自来自己启动的程序,还有许多是我们不想让它启动的程序,不要以为管好了“开始→程序→启动”菜单就万事大吉,实际上,在Windows XP/2K中,让Windows自动启动程序的办法很多,下文告诉你最重要的两个文件夹和八个注册键。看看里面有哪些是你不想要的,请按“del”键。
文件夹
一、当前用户专有的启动文件夹 这是许多应用软件自动启动的常用位置,Windows自动启动放入该文件夹的所有快捷方式。用户启动文件夹一般在:/Documents and Settings/<用户名字>/“开始”菜单/程序/启动,其中“<用户名字>”是当前登录的用户帐户名称。
二、对所有用户有效的启动文件夹 这是寻找自动启动程序的第二个重要位置,不管用户用什么身份登录系统,放入该文件夹的快捷方式总是自动启动——这是它与用户专有的启动文件夹的区别所在。该文件夹一般在:/Documents and Settings/All Users/“开始”菜单/程序/启动。
注册表
三、Load注册键 介绍该注册键的资料不多,实际上它也能够自动启动程序。位置:HKEY_CURRENT_USER/Software/Microsoft/WindowsNT/CurrentVersion/Windows/load。
四、Userinit注册键 位置:HKEY_LOCAL_MacHINE/SOFTWARE/Microsoft/WindowsNT/CurrentVersion/Winlogon/Userinit。这里也能够使系统启动时自动初始化程序。通常该注册键下面有一个userinit.exe。这个键允许指定用逗号分隔的多个程序,例如“userinit.exe,OSA.exe”(不含引号)。
五、Explorer/Run注册键 和load、Userinit不同,Explorer/Run键在HKEY_CURRENT_USER和HKEY_LOCAL_MACHINE下都有,具体位置是:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/PolicIEs/Explorer/Run,和HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/Explorer/Run。
六、RunServicesOnce注册键 RunServicesOnce注册键用来启动服务程序,启动时间在用户登录之前,而且先于其他通过注册键启动的程序。RunServicesOnce注册键的位置是:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunServicesOnce,和HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunServicesOnce。
七、RunServices注册键 RunServices注册键指定的程序紧接RunServicesOnce指定的程序之后运行,但两者都在用户登录之前。RunServices的位置是:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/ RunServices,和HKEY_LOCAL_MacHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunServices。
八、RunOnce/Setup注册键 RunOnce/Setup指定了用户登录之后运行的程序,它的位置是:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunOnce/Setup,和HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnce/Setup。
九、RunOnce注册键 安装程序通常用RunOnce键自动运行程序,它的位置在HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnce和HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunOnce。HKEY_LOCAL_MACHINE下面的RunOnce键会在用户登录之后立即运行程序,运行时机在其他Run键指定的程序之前。HKEY_CURRENT_USER下面的RunOnce键在操作系统处理其他Run键以及“启动”文件夹的内容之后运行。如果是XP,你还需要检查一下HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnceEx。
十、Run注册键 Run是自动运行程序最常用的注册键,位置在:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run,和HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run。HKEY_CURRENT_USER下面的Run键紧接HKEY_LOCAL_MACHINE下面的Run键运行,但两者都在处理“启动”文件夹之前。
汇总如下:
/Documents and Settings/<用户名字>/“开始”菜单/程序/启动
/Documents and Settings/All Users/“开始”菜单/程序/启动
HKEY_CURRENT_USER/Software/Microsoft/WindowsNT/CurrentVersion/Windows/load
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/PolicIEs/Explorer/Run
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunServicesOnce
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunServices
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunOnce/Setup
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunOnce
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/WindowsNT/CurrentVersion/Winlogon/Userinit
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/Explorer/Run
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunServicesOnce
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunServices
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnce/Setup
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnce
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnceEx
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
[本人补充(注册表启动方式)]:
HKCR/ftp/shell/open/command
HKCR/PROTOCOLS
HKCU/Control Panel/Desktop
HKCU/ftp/shell/open/command
HKCU/Software/Microsoft/Command Processor
HKCU/Software/Microsoft/Internet Explorer/UrlSearchHooks
HKCU/Software/Microsoft/ole
HKCU/Software/Microsoft/Windows NT/CurrentVersion/Windows
HKCU/Software/Microsoft/Windows NT/CurrentVersion/Windows/load
HKCU/Software/Microsoft/Windows NT/CurrentVersion/Windows/run
HKCU/Software/Microsoft/Windows/CurrentVersion/Group Policy Objects/
HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/run/
HKCU/Software/Microsoft/Windows/CurrentVersion/RunOnce/Setup/
HKLM/Software/Classes/Folder/Shellex/ColumnHandlers
HKLM/SOFTWARE/Classes/mailto/shell/open/command
HKLM/SOFTWARE/Classes/PROTOCOLS
HKLM/SOFTWARE/Classes/Protocols/Filter
HKLM/SOFTWARE/Classes/Protocols/Handler
HKLM/SOFTWARE/Microsoft/Active Setup/Installed Components
HKLM/SOFTWARE/Microsoft/Code Store Database/Distribution Units
HKLM/Software/Microsoft/Internet Explorer/Extensions
HKLM/Software/Microsoft/Internet Explorer/Toolbar
HKLM/Software/Microsoft/Windows NT/CurrentVersion/Image File Execution Options
HKLM/Software/Microsoft/Windows NT/CurrentVersion/Windows
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Windows/AppInit_DLLs
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Notify
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Shell
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/UIHost
HKLM/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/Userinit
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/App Management/ARPCache
HKLM/Software/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects/
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/SharedTaskScheduler
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders
HKLM/Software/Microsoft/Windows/CurrentVersion/explorer/Shell folders/Startup
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/ShellExecuteHooks
HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/run/
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnceEx
HKLM/Software/Microsoft/Windows/CurrentVersion/RunServicesOnce/
HKLM/Software/Microsoft/Windows/CurrentVersion/RunServices/
HKLM/Software/Microsoft/Windows/CurrentVersion/Shell Extensions/Approved
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/ShellServiceObjectDelayLoad
HKLM/SOFTWARE/Policies/Microsoft/Windows/System/scrīpts
HKLM/SYSTEM/ControlSet001/Control/Session Manager/BootExecute
HKLM/System/ControlSet001/Session Manager/BootExecute
HKLM/SYSTEM/CurrentControlSet/Control/Lsa
HKLM/SYSTEM/CurrentControlSet/Control/Lsa/Authentication Packages
HKLM/SYSTEM/CurrentControlSet/Control/Lsa/Notification Packages
HKLM/SYSTEM/CurrentControlSet/Control/Lsa/Security Packages
HKLM/SYSTEM/CurrentControlSet/Control/MPRServices
HKLM/SYSTEM/CurrentControlSet/Control/Print/Monitors
HKLM/System/CurrentControlSet/Control/Session Manager
HKLM/System/CurrentControlSet/Control/Session Manager/BootExecute
HKLM/System/CurrentControlSet/Control/Session Manager/KnownDlls
HKLM/System/CurrentControlSet/Control/Terminal Server/Wds/rdpwd/StartupPrograms
HKLM/System/CurrentControlSet/Services/
HKLM/System/CurrentControlSet/Services/VxD/
HKLM/SYSTEM/CurrentControlSet/Services/WinSock2
HKLM/System/CurrentControlSet/Services/WinSock/Parameters/Protocol_Catalog9
HKU/.Default/Software/Microsoft/Windows/CurrentVersion/Run/
HKU/.Default/Software/Microsoft/Windows/CurrentVersion/RunOnce/