对安全有威胁的注册表位置&WINDOWS自动启动键值详解

最新推荐文章于 2021-11-18 02:43:52 发布
最新推荐文章于 2021-11-18 02:43:52 发布
阅读量1.1k 收藏
点赞数
分类专栏: Win系统管理 文章标签: windows c search 浏览器 user 360
对安全有威胁的注册表位置&WINDOWS自动启动键值详解

贴出(规则支持通配符*),供大家参考:
自动运行
-------------------------
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run***
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Run***
HKEY_LOCAL_MACHINE/System/*controlset*/Control/Session managerBootExecute
HKEY_CURRENT_USER/Software/Microsoft/Windows nt/Currentversion/Windowsload
HKEY_CURRENT_USER/Software/Microsoft/Windows nt/Currentversion/Windowsrun
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Policies/Explorer/Run*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Policies/Explorer/Run*
HKEY_CURRENT_USER/Software/Policies/Microsoft/Windows/System/Scripts*
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Explorer/Shell foldersStartup
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Runonce*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runonce*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runonceex*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runservices*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Shell foldersCommon Startup
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/User shell foldersCommon Startup
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Explorer/User shell foldersStartup
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Inifilemapping**
驱动/服务相关
----------------------------
HKEY_LOCAL_MACHINE/System/*controlset*/Services/*
HKEY_LOCAL_MACHINE/System/*controlset*/Services/*imagepath
HKEY_LOCAL_MACHINE/System/*controlset*/Control/Safeboot***
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Shellserviceobjectdelayload**
文件关联
-------------------------
HKEY_CLASSES_ROOT/Exefile/Shell/Open/Command*
HKEY_CLASSES_ROOT/Comfile/Shell/Open/Command*
HKEY_CLASSES_ROOT/Batfile/Shell/Open/Command*
HKEY_CLASSES_ROOT/Piffile/Shell/Open/Command*
HKEY_CLASSES_ROOT/.bat*
HKEY_CLASSES_ROOT/.cmd*
HKEY_CLASSES_ROOT/.exe*
HKEY_CLASSES_ROOT/.txt*
HKEY_CLASSES_ROOT/.pif*
HKEY_CLASSES_ROOT/Txtfile/Shell/Open/Command*
HKEY_CLASSES_ROOT/.com*
HKEY_CLASSES_ROOT/Comfile*
HKEY_CLASSES_ROOT/.reg*
HKEY_CLASSES_ROOT/Regfile/Shell/Open/Command*
HKEY_CLASSES_ROOT/.inf*
HKEY_CLASSES_ROOT/Inffile/Shell/Open/Command*
HKEY_CLASSES_ROOT/.hlp*
HKEY_CLASSES_ROOT/Hlpfile/Shell/Open/Command*
HKEY_CLASSES_ROOT/.chm*
HKEY_CLASSES_ROOT/Chm.file/Shell/Open/Command*
网络保护
-----------------------
HKEY_LOCAL_MACHINE/System/*controlset*/Services/Winsock2***
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Policies/Network*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Policies/Network*
HKEY_LOCAL_MACHINE/System/*controlset*/Services/Tcpip/ParametersDataBasePath
HKEY_LOCAL_MACHINE/System/*controlset*/Services/Tcpip/Parameters/Interfaces***
HKEY_LOCAL_MACHINE/Software/Policies/Microsoft/Windows/Windowsupdate**
HKEY_LOCAL_MACHINE/Software/Policies/Microsoft/Windowsfirewall***
HKEY_CURRENT_USER/Software/Policies/Microsoft/Windows/Windowsupdate**
HKEY_CURRENT_USER/Software/Policies/Microsoft/Windowsfirewall***
HKEY_LOCAL_MACHINE/System/Currentcontrolset/Services/Sharedaccess/Parameters/Firewallpolicy*
特殊注册表项目
-----------------------
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/WindowsAppInit_DLLs
HKEY_LOCAL_MACHINE/System/*controlset*/Control/Session manager*FileRenameOpe...
HKEY_CURRENT_USER/Control panel/Don';t load*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Control panel/Don';t load*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Policies/System*
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Policies/System*
HKEY_CURRENT_USER/Control panel/Desktopscrnsave.exe
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Image file execution options***
HKEY_LOCAL_MACHINE/Software/Microsoft/Security center*
HKEY_LOCAL_MACHINE/Software/Policies/Microsoft/Windows/Safer/Codeidentifiers/0/Paths*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Shellexecutehooks**
HKEY_CURRENT_USER/Software/Microsoft/Command processorAutorun
HKEY_LOCAL_MACHINE/Software/Microsoft/Command processorAutoRun
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Policies*
HKEY_CLASSES_ROOT/Clsid/{e6fb5e20-de35-11cf-9c87-00aa005127ed}*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon/Notify**
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Sharedtaskscheduler**
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Svchost**               
作者: weasel  经验值:1201    发言:362  回复:375  写信  发表于:2009_04_26 AM 10:10  回贴:5
回  复:浏览器保护  
浏览器保护
-------------------
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Extensions**          *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Extensions**                  *
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Menuext                *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Toolbar                *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Browser helper objects*    *
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/styles       stylesheet
HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet explorer/Toolbars/Restrictions  *
HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet explorer/Infodelivery/Restrictions        *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Main           Start Page
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Main           Default_Page_U...
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Main           Local Page
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Main       Start Page_bak
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Main       HOMEOldSP
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Main       Search Page
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Main       Default_Search_...
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Main       Start Page
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Main       Default_Page_U...
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Main       Local Page
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Main       Start Page_bak
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Main       HOMEOldSP
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Main       Search Bar
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/MainUse Custom Sea...
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/MainSearch Page
HKEY_USERS/.default/Software/Microsoft/Internet explorer/MainSearch Page
HKEY_USERS/.default/Software/Microsoft/Internet explorer/MainSearch Bar
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/SearchCustomizeSearch
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/SearchSearchAssistant
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/SearchDefault_Search_...
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Internet settings/Zonemap/Ranges***
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Internet settings/Zonemap/Ranges***
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Internet settingsMinLevel
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Internet settingsSafety Warning L...
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Internet settingsTrust Warning Le...
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Internet settingsSecurity_RunActiv...
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Internet settingsSecurity_RunScri...
HKEY_USERS/.default/Software/Microsoft/Windows/Currentversion/Internet settingsMinLevel
HKEY_USERS/.default/Software/Microsoft/Windows/Currentversion/Internet settingsSafety Warning L...
HKEY_USERS/.default/Software/Microsoft/Windows/Currentversion/Internet settingsSecurity_RunActiv...
HKEY_USERS/.default/Software/Microsoft/Windows/Currentversion/Internet settingsSecurity_RunScri...
HKEY_USERS/.default/Software/Microsoft/Windows/Currentversion/Internet settingsTrust Warning Le...
HKEY_CLASSES_ROOT/Protocols/Filter***
HKEY_CLASSES_ROOT/Protocols/Handler***
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Searchurl**        *
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Urlsearchhooks**       *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Advancedoptions      *
HKEY_LOCAL_MACHINE/Software/Microsoft/Active setup/Installed components*      *
HKEY_LOCAL_MACHINE/Software/Microsoft/Code store database/Distribution units*    *

流氓及恶意程序保护
------------------------------------
HKEY_CLASSES_ROOT/Cns**
HKEY_CURRENT_USER/Software/3721  *
HKEY_LOCAL_MACHINE/Software/3721 *
HKEY_LOCAL_MACHINE/Software/Classes/Cns* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run/Helper.dll*
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Menuext/!搜一搜 *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Advancedoptions/!cns*
HKEY_LOCAL_MACHINE/System/Controlset*/Enum/Root/Legacy_cnsmink*
HKEY_LOCAL_MACHINE/System/Controlset*/Services/Cnsminkp *
HKEY_CLASSES_ROOT/Assist* *
HKEY_CLASSES_ROOT/Autolive* *
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Main/Cns* *
HKEY_CLASSES_ROOT/Adkiller* *
HKEY_LOCAL_MACHINE/Software/Classes/Adkiller**
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Activex compatibility/{1b0e7716-898e-4...*
HKEY_CLASSES_ROOT/Coolbar**
HKEY_LOCAL_MACHINE/Software/Classes/Coolbar* *
HKEY_CURRENT_USER/Software/Yahoo*
HKEY_LOCAL_MACHINE/Software/Yahoo*
HKEY_CLASSES_ROOT/Zschkfile*
HKEY_CLASSES_ROOT/Ebay**
HKEY_USERS/S-1-5-**/Software/Microsoft/Internet explorer/Menuext/*ebay**
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run/Ebay* *
HKEY_CLASSES_ROOT/Applications/Pig* *
HKEY_LOCAL_MACHINE/Software/Classes/Applications/Pig**
HKEY_LOCAL_MACHINE/Software/Miranda *
HKEY_USERS/S-1-5-*/Software/Bcgp appwizard-generated applications/网络猪*
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run/Pig**
HKEY_CLASSES_ROOT/Pig* *
HKEY_CURRENT_USER/Software/Pig**
HKEY_LOCAL_MACHINE/Software/Classes/Pig**
HKEY_CLASSES_ROOT/Filetransferprogressbar* *
HKEY_CLASSES_ROOT/Gif89.gif89* *
HKEY_LOCAL_MACHINE/Software/Classes/Gif89**
HKEY_CLASSES_ROOT/360**
HKEY_CLASSES_ROOT/Hugi**
HKEY_LOCAL_MACHINE/Software/360so*
HKEY_LOCAL_MACHINE/Software/Classes/360main* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run 360Main*.exe
HKEY_LOCAL_MACHINE/Software/Baidu *
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Menuext/百度**
HKEY_CLASSES_ROOT/Baidu**
HKEY_CURRENT_USER/Software/Baidu *
HKEY_LOCAL_MACHINE/Software/Classes/Mimefilter**
HKEY_CLASSES_ROOT/Mimefilter* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Browser helper object...*
HKEY_LOCAL_MACHINE/Software/Blogchina*
HKEY_CLASSES_ROOT/Bocai**
HKEY_LOCAL_MACHINE/Software/Classes/Bocai* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Toolbar/{4da2ee61-6399-4c39-aeb9-0d... *
HKEY_LOCAL_MACHINE/System/Currentcontrolset/Services/Cdn**
HKEY_CURRENT_USER/Software/Cnnic *
HKEY_LOCAL_MACHINE/Software/Cnnic *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Advancedoptions/Cdnclient *
HKEY_CLASSES_ROOT/Cdn* *
HKEY_CLASSES_ROOT/Mailparsersvr**
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Extensions/{35980f6e-a137-4e50-953d... *
HKEY_LOCAL_MACHINE/System/*controlset*/Enum/Root/Legacy_cdnprot *
HKEY_CLASSES_ROOT/Applications/Dudu* *
HKEY_CLASSES_ROOT/Ddd* *
HKEY_CURRENT_USER/Software/Microsoft/Internet explorer/Menuext/&使用dudu 加速器下载 *
HKEY_LOCAL_MACHINE/Software/Dudu*
HKEY_USERS/S-1-5-*/Software/Microsoft/Internet explorer/Menuext/&使用dudu 加速器下载 *
HKEY_CLASSES_ROOT/Xpwindow**
HKEY_CLASSES_ROOT/Applications/Henbang**
HKEY_LOCAL_MACHINE/Software/Classes/Applications/Henbang* *
HKEY_CLASSES_ROOT/Downloadstart**
HKEY_LOCAL_MACHINE/Software/Classes/Downloadstart* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Browser helper object...*
HKEY_CLASSES_ROOT/Monitor.urlmonitor**
HKEY_LOCAL_MACHINE/Software/Classes/Monitor.urlmonitor* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Browser helper object...*
HKEY_LOCAL_MACHINE/Software/World2 *
HKEY_LOCAL_MACHINE/Software/Classes/Hugi* *
HKEY_CLASSES_ROOT/Yisou**
HKEY_CURRENT_USER/Software/Yisou**
HKEY_LOCAL_MACHINE/Software/3721/Yisou *
HKEY_LOCAL_MACHINE/Software/Classes/Yisoubar* *
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Explorer/Browser helper object...*
HKEY_LOCAL_MACHINE/Software/Yisou*
HKEY_CLASSES_ROOT/Searchm**
HKEY_LOCAL_MACHINE/Software/Classes/Searchm* *
HKEY_CLASSES_ROOT/Clsid/{141a5e19-bdcb-4e27-a3d7-9e16503bc05b}*
HKEY_CLASSES_ROOT/Clsid/{1b0e7716-898e-48cc-9690-4e338e8de1d3}*
HKEY_CLASSES_ROOT/Clsid/{7ca83cf1-3aea-42d0-a4e3-1594fc6e48b2} *
HKEY_CLASSES_ROOT/Clsid/{9eb2b422-c9ee-46c4-a471-1e79c7517b1d}*
HKEY_CLASSES_ROOT/Clsid/{abec6103-f6ac-43a3-834f-fb03fba339a2} *
HKEY_CLASSES_ROOT/Clsid/{b83fc273-3522-4cc6-92ec-75cc86678da4}*
HKEY_CLASSES_ROOT/Clsid/{bb936323-19fa-4521-ba29-eca6a121bc78} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{141a5e19-bdcb-4e27-a3d7-9e16503bc05b} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{1b0e7716-898e-48cc-9690-4e338e8de1d3} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{38928d50-8a48-44c2-945f-d2f23f771410}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{7ca83cf1-3aea-42d0-a4e3-1594fc6e48b2}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{9eb2b422-c9ee-46c4-a471-1e79c7517b1d} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{abec6103-f6ac-43a3-834f-fb03fba339a2}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{b83fc273-3522-4cc6-92ec-75cc86678da4} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{bb936323-19fa-4521-ba29-eca6a121bc78}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{57421194-58fb-49ae-9b4f-fd48869b9ad4}*
HKEY_CLASSES_ROOT/Clsid/{57421194-58fb-49ae-9b4f-fd48869b9ad4} *
HKEY_CLASSES_ROOT/Clsid/{406f94f0-504f-4a40-8dfd-58b0666abebd}*
HKEY_CLASSES_ROOT/Clsid/{fe3ecae7-0a37-4506-8a7d-3cc9a04d2ca8}*
HKEY_CLASSES_ROOT/Clsid/{38928d50-8a48-44c2-945f-d2f23f771410} *
HKEY_CLASSES_ROOT/Clsid/{17f1c8e8-b99b-4d85-927b-a0ee7290455a} *
HKEY_CLASSES_ROOT/Clsid/{af53d70e-29df-443a-92aa-9c314af5871e} *
HKEY_CLASSES_ROOT/Clsid/{22d8e815-4a5e-4dfb-845e-aab64207f5bd}*
HKEY_CLASSES_ROOT/Clsid/{92085ad4-f48a-450d-bd93-b28cc7df67ce} *
HKEY_CLASSES_ROOT/Clsid/{b7856497-7097-424a-b03c-557aca6477b4}*
HKEY_CLASSES_ROOT/Clsid/{bc0fa0e8-0e7a-4836-b6ea-6e6880f4522c}*
HKEY_CLASSES_ROOT/Clsid/{28d47530-cf84-11d1-834c-00a0249f0c28} *
HKEY_CLASSES_ROOT/Clsid/{4b946315-e88c-4fe9-9c51-d9277ba85acc}*
HKEY_CLASSES_ROOT/Clsid/{b580cf65-e151-49c3-b73f-70b13fca8e86}*
HKEY_CLASSES_ROOT/Clsid/{a7f05ee4-0426-454f-8013-c41e3596e9e9}*
HKEY_CLASSES_ROOT/Clsid/{fe14f22e-be14-4f08-a80f-f27bc3a67b2d}*
HKEY_CLASSES_ROOT/Clsid/{4da2ee61-6399-4c39-aeb9-0d990e610d29} *
HKEY_CLASSES_ROOT/Clsid/{461a86f7-a29d-460a-80d5-52979aa6c46d} *
HKEY_CLASSES_ROOT/Clsid/{9a578c98-3c2f-4630-890b-fc04196ef420}*
HKEY_CLASSES_ROOT/Clsid/{d449eb58-55af-4695-b216-895d546aed89}*
HKEY_CLASSES_ROOT/Clsid/{35980f6e-a137-4e50-953d-813bb8556899}*
HKEY_CLASSES_ROOT/Clsid/{8135ef31-fe8c-4c6e-a18a-f59944c3a488}*
HKEY_CLASSES_ROOT/Clsid/{915e63f4-4733-401e-8556-6559b30a4c5a} *
HKEY_CLASSES_ROOT/Clsid/{6bde1669-b490-48e3-b668-456314f2d6c3} *
HKEY_CLASSES_ROOT/Clsid/{ffd95f65-f5e4-4ab8-b7f9-f61f13878a04}*
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Extensions/{3db9f45e-aa74-4373-a466... *
HKEY_CLASSES_ROOT/Clsid/{2d6f6bff-1796-4779-9ba3-5f20f17e5cea}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{2d6f6bff-1796-4779-9ba3-5f20f17e5cea} *
HKEY_CLASSES_ROOT/Clsid/{616d4040-5712-4f0f-bcf1-5c6420a99e14}*
HKEY_CLASSES_ROOT/Clsid/{3ed9ffda-79db-4b2d-99b7-16ea3c4a3a92}*
HKEY_CLASSES_ROOT/Clsid/{f43bd772-abdd-43b7-a96a-3e9e61946ec0} *
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{f43bd772-abdd-43b7-a96a-3e9e61946ec0}*
HKEY_CLASSES_ROOT/Clsid/{115f6e46-fcbc-41ed-b3b5-3bddd4aab5e5}*
HKEY_CLASSES_ROOT/Clsid/{db4f72f5-fa97-4424-a8cd-758feae6861f}*
HKEY_CLASSES_ROOT/Clsid/{ef1d17a9-089f-40cc-8d64-7324cdeba0db} *
HKEY_CLASSES_ROOT/Clsid/{594be7b2-23b0-4fae-a2b9-0c21cc1417ce}*
HKEY_LOCAL_MACHINE/Software/Classes/Clsid/{594be7b2-23b0-4fae-a2b9-0c21cc1417ce} *
HKEY_LOCAL_MACHINE/Software/Stdup *
HKEY_CURRENT_USER/Software/Stdup *
HKEY_LOCAL_MACHINE/Software/Microsoft/Internet explorer/Activex compatibility/{9a578c98-3c2f-46...*
HKEY_LOCAL_MACHINE/System/Currentcontrolset/Services/Universal disk manager *

 

系统初始化及用户登录                                                                         
---------------------------                                                                  
HKEY_CURRENT_USER/Software/Microsoft/Windows nt/Currentversion/Winlogon             GinaDLL  
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon            taskman  
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon            Shell    
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon/Notify*      *      
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon            System   
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon            Userinit 
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon            VmApplet 
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows nt/Currentversion/Winlogon            *        
RunDll32 应用程序规则                                                                        
--------------------------                                                                   
HKEY_CURRENT_USER/Software/Microsoft/Windows/Currentversion/Run                 *            
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Run                 *           
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runonce            *            
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runonceex          *            
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Currentversion/Runservices          *          
HKEY_USERS/.default/Software/Microsoft/Windows/Currentversion/Run                    *  

 

WINDOWS自动启动键值详解

      我们经常会遇到许多不请自来自己启动的程序,还有许多是我们不想让它启动的程序,不要以为管好了“开始→程序→启动”菜单就万事大吉,实际上,在Windows XP/2K中,让Windows自动启动程序的办法很多,下文告诉你最重要的两个文件夹和八个注册键。看看里面有哪些是你不想要的,请按“del”键。 

      文件夹 

      一、当前用户专有的启动文件夹 这是许多应用软件自动启动的常用位置,Windows自动启动放入该文件夹的所有快捷方式。用户启动文件夹一般在:/Documents and Settings/<用户名字>/“开始”菜单/程序/启动,其中“<用户名字>”是当前登录的用户帐户名称。

      二、对所有用户有效的启动文件夹 这是寻找自动启动程序的第二个重要位置,不管用户用什么身份登录系统,放入该文件夹的快捷方式总是自动启动——这是它与用户专有的启动文件夹的区别所在。该文件夹一般在:/Documents and Settings/All Users/“开始”菜单/程序/启动。 

       注册表 

       三、Load注册键 介绍该注册键的资料不多,实际上它也能够自动启动程序。位置:HKEY_CURRENT_USER/Software/Microsoft/WindowsNT/CurrentVersion/Windows/load。

       四、Userinit注册键 位置:HKEY_LOCAL_MacHINE/SOFTWARE/Microsoft/WindowsNT/CurrentVersion/Winlogon/Userinit。这里也能够使系统启动时自动初始化程序。通常该注册键下面有一个userinit.exe。这个键允许指定用逗号分隔的多个程序,例如“userinit.exe,OSA.exe”(不含引号)。

       五、Explorer/Run注册键 和load、Userinit不同,Explorer/Run键在HKEY_CURRENT_USER和HKEY_LOCAL_MACHINE下都有,具体位置是:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/PolicIEs/Explorer/Run,和HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/Explorer/Run。

       六、RunServicesOnce注册键 RunServicesOnce注册键用来启动服务程序,启动时间在用户登录之前,而且先于其他通过注册键启动的程序。RunServicesOnce注册键的位置是:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunServicesOnce,和HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunServicesOnce。 

       七、RunServices注册键 RunServices注册键指定的程序紧接RunServicesOnce指定的程序之后运行,但两者都在用户登录之前。RunServices的位置是:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/ RunServices,和HKEY_LOCAL_MacHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunServices。

       八、RunOnce/Setup注册键 RunOnce/Setup指定了用户登录之后运行的程序,它的位置是:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunOnce/Setup,和HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnce/Setup。

       九、RunOnce注册键 安装程序通常用RunOnce键自动运行程序,它的位置在HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnce和HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunOnce。HKEY_LOCAL_MACHINE下面的RunOnce键会在用户登录之后立即运行程序,运行时机在其他Run键指定的程序之前。HKEY_CURRENT_USER下面的RunOnce键在操作系统处理其他Run键以及“启动”文件夹的内容之后运行。如果是XP,你还需要检查一下HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnceEx。 
   
      十、Run注册键 Run是自动运行程序最常用的注册键,位置在:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run,和HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run。HKEY_CURRENT_USER下面的Run键紧接HKEY_LOCAL_MACHINE下面的Run键运行,但两者都在处理“启动”文件夹之前。               


汇总如下: 
/Documents and Settings/<用户名字>/“开始”菜单/程序/启动 
/Documents and Settings/All Users/“开始”菜单/程序/启动 
HKEY_CURRENT_USER/Software/Microsoft/WindowsNT/CurrentVersion/Windows/load 
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/PolicIEs/Explorer/Run 
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunServicesOnce 
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunServices 
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunOnce/Setup 
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/RunOnce 
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run 
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/WindowsNT/CurrentVersion/Winlogon/Userinit 
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/Explorer/Run 
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunServicesOnce 
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunServices 
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnce/Setup 
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnce 
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnceEx 
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run

[本人补充(注册表启动方式)]:
HKCR/ftp/shell/open/command
HKCR/PROTOCOLS
HKCU/Control Panel/Desktop
HKCU/ftp/shell/open/command
HKCU/Software/Microsoft/Command Processor
HKCU/Software/Microsoft/Internet Explorer/UrlSearchHooks
HKCU/Software/Microsoft/ole
HKCU/Software/Microsoft/Windows NT/CurrentVersion/Windows
HKCU/Software/Microsoft/Windows NT/CurrentVersion/Windows/load
HKCU/Software/Microsoft/Windows NT/CurrentVersion/Windows/run
HKCU/Software/Microsoft/Windows/CurrentVersion/Group Policy Objects/
HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/run/
HKCU/Software/Microsoft/Windows/CurrentVersion/RunOnce/Setup/
HKLM/Software/Classes/Folder/Shellex/ColumnHandlers
HKLM/SOFTWARE/Classes/mailto/shell/open/command
HKLM/SOFTWARE/Classes/PROTOCOLS
HKLM/SOFTWARE/Classes/Protocols/Filter
HKLM/SOFTWARE/Classes/Protocols/Handler
HKLM/SOFTWARE/Microsoft/Active Setup/Installed Components
HKLM/SOFTWARE/Microsoft/Code Store Database/Distribution Units
HKLM/Software/Microsoft/Internet Explorer/Extensions
HKLM/Software/Microsoft/Internet Explorer/Toolbar
HKLM/Software/Microsoft/Windows NT/CurrentVersion/Image File Execution Options
HKLM/Software/Microsoft/Windows NT/CurrentVersion/Windows
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Windows/AppInit_DLLs
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Notify
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/Shell
HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/UIHost
HKLM/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/Userinit
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/App Management/ARPCache
HKLM/Software/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects/
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/SharedTaskScheduler
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders
HKLM/Software/Microsoft/Windows/CurrentVersion/explorer/Shell folders/Startup
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/ShellExecuteHooks
HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/run/
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/RunOnceEx
HKLM/Software/Microsoft/Windows/CurrentVersion/RunServicesOnce/
HKLM/Software/Microsoft/Windows/CurrentVersion/RunServices/
HKLM/Software/Microsoft/Windows/CurrentVersion/Shell Extensions/Approved
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/ShellServiceObjectDelayLoad
HKLM/SOFTWARE/Policies/Microsoft/Windows/System/scrīpts
HKLM/SYSTEM/ControlSet001/Control/Session Manager/BootExecute
HKLM/System/ControlSet001/Session Manager/BootExecute
HKLM/SYSTEM/CurrentControlSet/Control/Lsa
HKLM/SYSTEM/CurrentControlSet/Control/Lsa/Authentication Packages
HKLM/SYSTEM/CurrentControlSet/Control/Lsa/Notification Packages
HKLM/SYSTEM/CurrentControlSet/Control/Lsa/Security Packages
HKLM/SYSTEM/CurrentControlSet/Control/MPRServices
HKLM/SYSTEM/CurrentControlSet/Control/Print/Monitors
HKLM/System/CurrentControlSet/Control/Session Manager
HKLM/System/CurrentControlSet/Control/Session Manager/BootExecute
HKLM/System/CurrentControlSet/Control/Session Manager/KnownDlls
HKLM/System/CurrentControlSet/Control/Terminal Server/Wds/rdpwd/StartupPrograms
HKLM/System/CurrentControlSet/Services/
HKLM/System/CurrentControlSet/Services/VxD/
HKLM/SYSTEM/CurrentControlSet/Services/WinSock2
HKLM/System/CurrentControlSet/Services/WinSock/Parameters/Protocol_Catalog9
HKU/.Default/Software/Microsoft/Windows/CurrentVersion/Run/
HKU/.Default/Software/Microsoft/Windows/CurrentVersion/RunOnce/

syf442
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
对Mydoom.a的shimgapi.dll的分析
sunwear的专栏
02-15 2064
tombkeeper#whitecell.orgMydoom.a的后门是以dll形式存在的,通过修改注册表相应键值,将自己加载到资源管理器的进程空间中。正常情况下,注册表应该是这个样子的:HKEY_CLASSES_ROOT/CLSID/{E6FB5E20-DE35-11CF-9C87-00AA005127ED}/InProcServer32       REG_EXPAND_SZ   %Syste
Windows注册表键值监控
05-30
windows注册表项的监控,当指定注册表发生变化时给出提示
windows安全必须关注的注册表键值
weixin_33989058的博客
02-09 276
(1)Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre...
病毒防护与注册表
weixin_33901641的博客
04-09 285
最近在准备病毒防护的课程,正好整理出几篇博文出来和大家分享。 电脑病毒实际上一段恶意代码,通常比较小,只有几百或1k字节,大多致力于破坏操作系统功能,窃取或毁坏数据,这个大家可能都深有体会,也有个别纯属恶搞的,这样的病毒对电脑没什么危害,因为是冲着人去的,比如说女鬼病毒,就是屏幕上突然出现一个全屏的女鬼图片并伴有尖叫,还有的病毒会让光驱自己弹出来再收回去,你说大半夜的...
梳理注册表的一些危险操作,注册表安全配置,以及对于注册表的总结
Duncelhy的博客
06-16 2503
本次文章为大家梳理一些注册表常见的危险操作,希望可以帮大家规避一些在日常使用中可能会遇到的问题。 映象劫持IFEO(Image File Execution Options) 在低版本的windows中,我们可以简单地替换程序,但是在高版本的windows中替换的文件收到了系统的保护,所以这里我们要使用另外一个知识点:“映像劫持”。 是为一些在默认环境中运行时可能引发错误的程序执行体提供特殊的环境设定。由于这个项主要是用来调试程序用的,对一般用户意义不大。默认是只有管理员和local system有权读写修
开机启动方法大全
yjh0628的专栏
08-22 923
<br />ShellServiceObjectDelayLoad是一个未公布的注册表项,可以将组件关联到这个键,这样一来,系统启动时间EXPLORER将自动加载目标组件.这就是某些病毒将自己注射到EXPLORER的办法.我们经常会遇到这样的事情,IeXPLORER的首页设置为BLANK,注册表RUN键的值也为空,但就是每隔一会儿有莫名其妙的网页自动弹出,这就是ShellServiceObjectDelayLoad在搞鬼。O21 - 注册表键 ShellServiceObjectDelayLoad (SSO
禁用Win10自动更新
飞奔的五花肉博客
11-18 1854
文章目录组策略--指定Intranet microsoft 更新服务位置(可能已失效)注册表修改--NoWindowsUpdate(未测)注册表修改2--NoWindowsUpdate(已测) 组策略–指定Intranet microsoft 更新服务位置(可能已失效) 具体操作: win+R输入“gpedit.msc”打开组策略, 在“计算机配置–>管理模板–>windows组件–>Windows更新” 找到“指定Intranet microsoft更新服务位置”, 双击打开,启用,随
对VS升级SP2补丁,出现错误 1718。 文件被数字签名策略拒绝错误的解决办法
轻舞肥羊
07-03 1187
MSDN: http://support.microsoft.com/kb/925336 1. 然后单击 确定 、 开始 , 键入 regedit , 和 运行 。 2. 中注册表编辑器, 找到并单击以下注册表项: HKEY_LOCAL_MACHINE/Software/Policies/Microsoft/Windows/Safer/CodeIdentifiers          
IE中文件下载的提示框中去掉了"打开此类文件前总是询问"的复选框之后怎么恢复
Coder Ben
09-01 1853
原文链接:http://zhidao.baidu.com/question/83166824.html   这里补充一点,在WIN7上也是和VISTA的处理方式一样,即   WIN7: 修改注册表:开始->运行->输入"regedit"->回车->找到HKEY_CURRENT_USER\Software \Microsoft\Windows\Shell\AttachmentExecute\{
如何通过修改注册表关闭、开启windows10内置Windows Defender安全中心
热门推荐
AnsonNie的博客
04-17 1万+
1、win+R输入regedit,按回车键进入注册表编辑器。 2、定位到 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService 3、在右侧找到DWORD(32位)值,命名为Start,修改数值数据为4。 4、注销再登录/重启系统。 5、此时会看到Windows Defender安全中心不再出现,再配...
Windows 7注册表键值的权限问题以及提升权限的方法
CoolCode
01-30 5933
Summary] The privilege problem of registry key value and the method how to promote privilege in Windows 7   在我们解决Windows系统问题或者对系统的某些功能进行设置的时候,经常会需要用到注册表编辑器对注册表键值进行修改。 但是如果注册表键值是被其他软件更改的,往往也会将权限一起更改
Windows 如何注册自己的伪协议
HelloKandy's Blog
02-02 2054
介绍伪协议前先介绍一下协议是什么。这里说到的协议不是指网络上的TCP/IP协议,而是操作系统提供支持的一种协议,类似标准协议HTTP, FTP。自定义协议叫做伪协议。 如何注册一个伪协议? 操作系统的协议都写在注册表[HKEY_CLASSES_ROOT]的KEY值下,我们在注册表内添加一项对我们软件支持的协议标志即可!
windows黑客编程系列(四):修改注册表键值对之自启动
至臻求学,胸怀云月
04-17 2514
对于一个病毒木马来说,重要的不是如何进行破坏,还有如何执行。病毒木马只有加载到内存中开始运行,才能够真正体现破坏力。否则,它就只是一个普通的磁盘文件,对于计算机用户的数据,隐私构不成丝毫的威胁。 自启动技术主要包括四种: 注册表 快速启动目录 计划任务 系统服务
folders默认配置 shell_修改Shell Folders的路径
weixin_42138525的博客
01-17 2477
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders在右侧窗口里,你看到的“名称”就代表那些特殊的文件夹,“数据”就是它们所对应的默认存储路径。下面介绍一下各个“名称”所代表的文件夹名称 含义 默认路径AppData 应用程序数据目录 C:\Documents and Settings\U...
注册表常用键值意义
welcomejzh的专栏
01-11 2880
   HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet Explorer/Control Panel];〖Internet Explorer选项类〗"HomePage"=dword:00000001 ;禁止更改主页设置〖0=可修改〗"Cache"=dword:00000001 ;禁止更改Internet临时文件设置〖0=可修改
DirectX 总结
weixin_33873846的博客
11-25 280
DDS DirectXDraw Surface file format, .dds。这是微软从DirectX7开始引进的一种文件格式,它用来存储压缩的或未压缩的纹理,该格式支持mimaps cube maps和volume maps, D3DX和许多其他的DX工具都支持这种格式,比如DirectX Texture Editor(dxtex.exe)和Texture Conversion Tool...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值