对安全有威胁的注册
表
关于同志近三年现实表现材料材料类招标技术评分表图表与交易pdf视力表打印pdf用图表说话 pdf
位置 WINDOWS自动启动键值详解
贴出(规则支持通配符*),供大家参考:
自动运行
-------------------------
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run***
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run***
HKEY_LOCAL_MACHINE\System\*controlset*\Control\Session managerBootExecute
HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windowsload
HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windowsrun
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer\Run*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer\Run*
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts*
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Shell foldersStartup
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Runonce*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonce*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonceex*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runservices*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shell foldersCommon Startup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\User shell foldersCommon Startup
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\User shell foldersStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion
\Inifilemapping**
驱动/服务相关
----------------------------
HKEY_LOCAL_MACHINE\System\*controlset*\Services\* HKEY_LOCAL_MACHINE\System\*controlset*\Services\*imagepath HKEY_LOCAL_MACHINE\System\*controlset*\Control\Safeboot*** HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Shellserviceobjectdelayload**
文件关联
-------------------------
HKEY_CLASSES_ROOT\Exefile\Shell\Open\Command*
HKEY_CLASSES_ROOT\Comfile\Shell\Open\Command*
HKEY_CLASSES_ROOT\Batfile\Shell\Open\Command*
HKEY_CLASSES_ROOT\Piffile\Shell\Open\Command*
HKEY_CLASSES_ROOT\.bat*
HKEY_CLASSES_ROOT\.cmd*
HKEY_CLASSES_ROOT\.exe*
HKEY_CLASSES_ROOT\.txt*
HKEY_CLASSES_ROOT\.pif*
HKEY_CLASSES_ROOT\Txtfile\Shell\Open\Command*
HKEY_CLASSES_ROOT\.com*
HKEY_CLASSES_ROOT\Comfile*
HKEY_CLASSES_ROOT\.reg*
HKEY_CLASSES_ROOT\Regfile\Shell\Open\Command*
HKEY_CLASSES_ROOT\.inf*
HKEY_CLASSES_ROOT\Inffile\Shell\Open\Command*
HKEY_CLASSES_ROOT\.hlp*
HKEY_CLASSES_ROOT\Hlpfile\Shell\Open\Command*
HKEY_CLASSES_ROOT\.chm*
HKEY_CLASSES_ROOT\Chm.file\Shell\Open\Command*
网络保护
-----------------------
HKEY_LOCAL_MACHINE\System\*controlset*\Services\Winsock2*** HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Network*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Network*
HKEY_LOCAL_MACHINE\System\*controlset*\Services\Tcpip\ParametersDataBasePath
HKEY_LOCAL_MACHINE\System\*controlset*\Services\Tcpip\Parameters\Interfaces***
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windowsupdate**
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windowsfirewall*** HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windowsupdate**
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windowsfirewall*** HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Sharedaccess\Parameters\Firewallpolicy*
特殊注册表项目
-----------------------
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion
\WindowsAppInit_DLLs
HKEY_LOCAL_MACHINE\System\*controlset*\Control\Session manager*FileRenameOpe...
HKEY_CURRENT_USER\Control panel\Don';t load*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Control panel\Don';t load*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\System*
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\System*
HKEY_CURRENT_USER\Control panel\Desktopscrnsave.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Image file execution options***
HKEY_LOCAL_MACHINE\Software\Microsoft\Security center* HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\Codeidentifiers\0\Paths*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shellexecutehooks**
HKEY_CURRENT_USER\Software\Microsoft\Command processorAutorun
HKEY_LOCAL_MACHINE\Software\Microsoft\Command processorAutoRun
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies*
HKEY_CLASSES_ROOT\Clsid\{e6fb5e20-de35-11cf-9c87-00aa005127ed}* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Winlogon\Notify**
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Sharedtaskscheduler**
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Svchost**
浏览器保护
-------------------
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Extensions** *
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Extensions** *
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Menuext
*
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Toolbar
*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Browser helper objects* *
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\styles stylesheet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet explorer\Toolbars\Restrictions *
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet explorer\Infodelivery\Restrictions *
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main
Start Page
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main
Default_Page_U...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main
Local Page
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main Start Page_bak
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main HOMEOldSP
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main Search Page
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main Default_Search_...
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main Start Page
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main Default_Page_U...
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main Local Page
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main Start Page_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main HOMEOldSP
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\MainUse Custom Sea...
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\MainSearch Page
HKEY_USERS\.default\Software\Microsoft\Internet explorer\MainSearch Page
HKEY_USERS\.default\Software\Microsoft\Internet explorer\MainSearch
Bar
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\SearchCustomizeSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\SearchSearchAssistant
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\SearchDefault_Search_...
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Internet settings\Zonemap\Ranges***
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settings\Zonemap\Ranges***
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settingsMinLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settingsSafety Warning L...
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settingsTrust Warning Le...
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settingsSecurity_RunActiv...
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settingsSecurity_RunScri...
HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Internet settingsMinLevel
HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Internet settingsSafety Warning L...
HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Internet settingsSecurity_RunActiv...
HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Internet settingsSecurity_RunScri...
HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Internet settingsTrust Warning Le...
HKEY_CLASSES_ROOT\Protocols\Filter***
HKEY_CLASSES_ROOT\Protocols\Handler***
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Searchurl** *
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Urlsearchhooks** *
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Advancedoptions *
HKEY_LOCAL_MACHINE\Software\Microsoft\Active setup\Installed components* *
HKEY_LOCAL_MACHINE\Software\Microsoft\Code store database\Distribution units* *
流氓及恶意程序保护
------------------------------------
HKEY_CLASSES_ROOT\Cns**
HKEY_CURRENT_USER\Software\3721 *
HKEY_LOCAL_MACHINE\Software\3721 *
HKEY_LOCAL_MACHINE\Software\Classes\Cns* *
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run\Helper.dll*
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Menuext\!搜一搜 *
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Advancedoptions\!cns*
HKEY_LOCAL_MACHINE\System\Controlset*\Enum\Root\Legacy_cnsmink*
HKEY_LOCAL_MACHINE\System\Controlset*\Services\Cnsminkp * HKEY_CLASSES_ROOT\Assist* *
HKEY_CLASSES_ROOT\Autolive* *
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main\Cns* *
HKEY_CLASSES_ROOT\Adkiller* *
HKEY_LOCAL_MACHINE\Software\Classes\Adkiller**
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Activex compatibility\{1b0e7716-898e-4...*
HKEY_CLASSES_ROOT\Coolbar**
HKEY_LOCAL_MACHINE\Software\Classes\Coolbar* *
HKEY_CURRENT_USER\Software\Yahoo*
HKEY_LOCAL_MACHINE\Software\Yahoo*
HKEY_CLASSES_ROOT\Zschkfile*
HKEY_CLASSES_ROOT\Ebay**
HKEY_USERS\S-1-5-**\Software\Microsoft\Internet explorer\Menuext\*ebay**
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run\Ebay* *
HKEY_CLASSES_ROOT\Applications\Pig* *
HKEY_LOCAL_MACHINE\Software\Classes\Applications\Pig** HKEY_LOCAL_MACHINE\Software\Miranda *
HKEY_USERS\S-1-5-*\Software\Bcgp appwizard-generated applications\网络猪*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run\Pig**
HKEY_CLASSES_ROOT\Pig* *
HKEY_CURRENT_USER\Software\Pig**
HKEY_LOCAL_MACHINE\Software\Classes\Pig**
HKEY_CLASSES_ROOT\Filetransferprogressbar* *
HKEY_CLASSES_ROOT\Gif89.gif89* *
HKEY_LOCAL_MACHINE\Software\Classes\Gif89**
HKEY_CLASSES_ROOT\360**
HKEY_CLASSES_ROOT\Hugi**
HKEY_LOCAL_MACHINE\Software\360so*
HKEY_LOCAL_MACHINE\Software\Classes\360main* *
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run 360Main*.exe
HKEY_LOCAL_MACHINE\Software\Baidu *
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Menuext\百度**
HKEY_CLASSES_ROOT\Baidu**
HKEY_CURRENT_USER\Software\Baidu *
HKEY_LOCAL_MACHINE\Software\Classes\Mimefilter**
HKEY_CLASSES_ROOT\Mimefilter* *
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Browser helper object...*
HKEY_LOCAL_MACHINE\Software\Blogchina*
HKEY_CLASSES_ROOT\Bocai**
HKEY_LOCAL_MACHINE\Software\Classes\Bocai* *
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Toolbar\{4da2ee61-6399-4c39-aeb9-0d... *
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Cdn** HKEY_CURRENT_USER\Software\Cnnic *
HKEY_LOCAL_MACHINE\Software\Cnnic *
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Advancedoptions\Cdnclient *
HKEY_CLASSES_ROOT\Cdn* *
HKEY_CLASSES_ROOT\Mailparsersvr**
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Extensions\{35980f6e-a137-4e50-953d... *
HKEY_LOCAL_MACHINE\System\*controlset*\Enum\Root\Legacy_cdnprot *
HKEY_CLASSES_ROOT\Applications\Dudu* *
HKEY_CLASSES_ROOT\Ddd* *
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Menuext\&使用dudu 加速器下载 *
HKEY_LOCAL_MACHINE\Software\Dudu*
HKEY_USERS\S-1-5-*\Software\Microsoft\Internet explorer\Menuext\&使用dudu 加速器下载 *
HKEY_CLASSES_ROOT\Xpwindow**
HKEY_CLASSES_ROOT\Applications\Henbang**
HKEY_LOCAL_MACHINE\Software\Classes\Applications\Henbang* *
HKEY_CLASSES_ROOT\Downloadstart**
HKEY_LOCAL_MACHINE\Software\Classes\Downloadstart* * HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Browser helper object...*
HKEY_CLASSES_ROOT\Monitor.urlmonitor**
HKEY_LOCAL_MACHINE\Software\Classes\Monitor.urlmonitor* * HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Browser helper object...*
HKEY_LOCAL_MACHINE\Software\World2 *
HKEY_LOCAL_MACHINE\Software\Classes\Hugi* *
HKEY_CLASSES_ROOT\Yisou**
HKEY_CURRENT_USER\Software\Yisou**
HKEY_LOCAL_MACHINE\Software\3721\Yisou *
HKEY_LOCAL_MACHINE\Software\Classes\Yisoubar* *
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Browser helper object...*
HKEY_LOCAL_MACHINE\Software\Yisou*
HKEY_CLASSES_ROOT\Searchm**
HKEY_LOCAL_MACHINE\Software\Classes\Searchm* *
HKEY_CLASSES_ROOT\Clsid\{141a5e19-bdcb-4e27-a3d7-9e16503bc05b}*
HKEY_CLASSES_ROOT\Clsid\{1b0e7716-898e-48cc-9690-4e338e8de1d3}*
HKEY_CLASSES_ROOT\Clsid\{7ca83cf1-3aea-42d0-a4e3-1594fc6e48b2} *
HKEY_CLASSES_ROOT\Clsid\{9eb2b422-c9ee-46c4-a471-1e79c7517b1d}*
HKEY_CLASSES_ROOT\Clsid\{abec6103-f6ac-43a3-834f-fb03fba339a2} * HKEY_CLASSES_ROOT\Clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4}*
HKEY_CLASSES_ROOT\Clsid\{bb936323-19fa-4521-ba29-eca6a121bc78}
*
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{141a5e19-bdcb-4e27-a3d7-9e16503bc05b} *
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{1b0e7716-898e-48cc-9690-4e338e8de1d3} *
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{38928d50-8a48-44c2-945f-d2f23f771410}*
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{7ca83cf1-3aea-42d0-a4e3-1594fc6e48b2}*
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{9eb2b422-c9ee-46c4-a471-1e79c7517b1d} *
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{abec6103-f6ac-43a3-834f-fb03fba339a2}*
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{b83fc273-3522-4cc6-92ec-75cc86678da4} *
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{bb936323-19fa-4521-ba29-eca6a121bc78}*
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{57421194-58fb-49ae-9b4f-fd48869b9ad4}*
HKEY_CLASSES_ROOT\Clsid\{57421194-58fb-49ae-9b4f-fd48869b9ad4} *
HKEY_CLASSES_ROOT\Clsid\{406f94f0-504f-4a40-8dfd-58b0666abebd}* HKEY_CLASSES_ROOT\Clsid\{fe3ecae7-0a37-4506-8a7d-3cc9a04d2ca8}*
HKEY_CLASSES_ROOT\Clsid\{38928d50-8a48-44c2-945f-d2f23f771410} * HKEY_CLASSES_ROOT\Clsid\{17f1c8e8-b99b-4d85-927b-a0ee7290455a}
*
HKEY_CLASSES_ROOT\Clsid\{af53d70e-29df-443a-92aa-9c314af5871e} * HKEY_CLASSES_ROOT\Clsid\{22d8e815-4a5e-4dfb-845e-aab64207f5bd}*
HKEY_CLASSES_ROOT\Clsid\{92085ad4-f48a-450d-bd93-b28cc7df67ce} *
HKEY_CLASSES_ROOT\Clsid\{b7856497-7097-424a-b03c-557aca6477b4}*
HKEY_CLASSES_ROOT\Clsid\{bc0fa0e8-0e7a-4836-b6ea-6e6880f4522c}* HKEY_CLASSES_ROOT\Clsid\{28d47530-cf84-11d1-834c-00a0249f0c28} *
HKEY_CLASSES_ROOT\Clsid\{4b946315-e88c-4fe9-9c51-d9277ba85acc}*
HKEY_CLASSES_ROOT\Clsid\{b580cf65-e151-49c3-b73f-70b13fca8e86}* HKEY_CLASSES_ROOT\Clsid\{a7f05ee4-0426-454f-8013-c41e3596e9e9}* HKEY_CLASSES_ROOT\Clsid\{fe14f22e-be14-4f08-a80f-f27bc3a67b2d}* HKEY_CLASSES_ROOT\Clsid\{4da2ee61-6399-4c39-aeb9-0d990e610d29} *
HKEY_CLASSES_ROOT\Clsid\{461a86f7-a29d-460a-80d5-52979aa6c46d}
*
HKEY_CLASSES_ROOT\Clsid\{9a578c98-3c2f-4630-890b-fc04196ef420}* HKEY_CLASSES_ROOT\Clsid\{d449eb58-55af-4695-b216-895d546aed89}*
HKEY_CLASSES_ROOT\Clsid\{35980f6e-a137-4e50-953d-813bb8556899}*
HKEY_CLASSES_ROOT\Clsid\{8135ef31-fe8c-4c6e-a18a-f59944c3a488}* HKEY_CLASSES_ROOT\Clsid\{915e63f4-4733-401e-8556-6559b30a4c5a} *
HKEY_CLASSES_ROOT\Clsid\{6bde1669-b490-48e3-b668-456314f2d6c3}
*
HKEY_CLASSES_ROOT\Clsid\{ffd95f65-f5e4-4ab8-b7f9-f61f13878a04}*
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Extensions\{3db9f45e-aa74-4373-a466... *
HKEY_CLASSES_ROOT\Clsid\{2d6f6bff-1796-4779-9ba3-5f20f17e5cea}* HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{2d6f6bff-1796-4779-9ba3-5f20f17e5cea} *
HKEY_CLASSES_ROOT\Clsid\{616d4040-5712-4f0f-bcf1-5c6420a99e14}* HKEY_CLASSES_ROOT\Clsid\{3ed9ffda-79db-4b2d-99b7-16ea3c4a3a92}*
HKEY_CLASSES_ROOT\Clsid\{f43bd772-abdd-43b7-a96a-3e9e61946ec0}
*
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{f43bd772-abdd-43b7-a96a-3e9e61946ec0}*
HKEY_CLASSES_ROOT\Clsid\{115f6e46-fcbc-41ed-b3b5-3bddd4aab5e5}*
HKEY_CLASSES_ROOT\Clsid\{db4f72f5-fa97-4424-a8cd-758feae6861f}* HKEY_CLASSES_ROOT\Clsid\{ef1d17a9-089f-40cc-8d64-7324cdeba0db} *
HKEY_CLASSES_ROOT\Clsid\{594be7b2-23b0-4fae-a2b9-0c21cc1417ce}*
HKEY_LOCAL_MACHINE\Software\Classes\Clsid\{594be7b2-23b0-4fae-a2b9-0c21cc1417ce} *
HKEY_LOCAL_MACHINE\Software\Stdup *
HKEY_CURRENT_USER\Software\Stdup *
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Activex compatibility\{9a578c98-3c2f-46...*
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Universal disk manager *
系统初始化及用户登录
---------------------------
HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Winlogon GinaDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Winlogon taskman
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Winlogon Shell
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Winlogon\Notify* *
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Winlogon System
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Winlogon Userinit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Winlogon VmApplet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Winlogon *
RunDll32 应用程序规则 -------------------------- HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run *
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run *
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonce *
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonceex *
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runservices *
HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Run
*
WINDOWS自动启动键值详解
我们经常会遇到许多不请自来自己启动的程序,还有许多是我们不想让它启动的程序,不要以为管好了“开始?程序?启动”菜单就万事大吉,实际上,在Windows XP/2K中,让Windows自动启动程序的办法很多,下文告诉你最重要的两个文件夹和八个注册键。看看里面有哪些是你不想要的,请按“del”键。
文件夹
一、当前用户专有的启动文件夹 这是许多应用软件自动启动的常用位置,Windows自动启动放入该文件夹的所有快捷方式。用户启动文件夹一般在:\Documents and Settings\<用户名字>\“开始”菜单\程序\启动,其中“<用户名字>”是当前登录的用户帐户名称。
二、对所有用户有效的启动文件夹 这是寻找自动启动程序的第二个重要位置,不管用户用什么身份登录系统,放入该文件夹的快捷方式总是自动启动——这是它与用户专有的启动文件夹的区别所在。该文件夹一般在:
\Documents and Settings\All Users\“开始”菜单\程序\启动。
注册表
三、Load注册键 介绍该注册键的资料不多,实际上它也能够自动启动程序。位置:
HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\
Windows\load。
四、Userinit注册键 位置:
HKEY_LOCAL_MacHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit。这里也能够使系统启动时自动初始化程序。通常该注
册键下面有一个userinit.exe。这个键允许指定用逗号分隔的多个程序,例如
“userinit.exe,OSA.exe”(不含引号)。
五、Explorer\Run注册键 和load、Userinit不同,Explorer\Run键在
HKEY_CURRENT_USER和HKEY_LOCAL_MACHINE下都有,具体位置是:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\PolicIEs\Explorer\Run,和
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run。
六、RunServicesOnce注册键 RunServicesOnce注册键用来启动服务程
序,启动时间在用户登录之前,而且先于其他通过注册键启动的程序。
RunServicesOnce注册键的位置是:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,和
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce。
七、RunServices注册键 RunServices注册键指定的程序紧接
RunServicesOnce指定的程序之后运行,但两者都在用户登录之前。
RunServices的位置是:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ RunServices,和
HKEY_LOCAL_MacHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices。
八、RunOnce\Setup注册键 RunOnce\Setup指定了用户登录之后运行的
程序,它的位置是:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup,和
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup。
九、RunOnce注册键 安装程序通常用RunOnce键自动运行程序,它的位
置在
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce和
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce。HKEY_LOCAL_MACHINE下面的RunOnce键会在用户登录之后立
即运行程序,运行时机在其他Run键指定的程序之前。
HKEY_CURRENT_USER下面的RunOnce键在操作系统处理其他Run键以
及“启动”文件夹的内容之后运行。如果是XP,你还需要检查一下
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx。
十、Run注册键 Run是自动运行程序最常用的注册键,位置在:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run,和
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run。HKEY_CURRENT_USER下面的Run键紧接
HKEY_LOCAL_MACHINE下面的Run键运行,但两者都在处理“启动”文件夹
之前。
汇总如下:
\Documents and Settings\<用户名字>\“开始”菜单\程序\启动
\Documents and Settings\All Users\“开始”菜单\程序\启动
HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows\load
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\PolicIEs\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[本人补充(注册表启动方式)]:
HKCR\ftp\shell\open\command
HKCR\PROTOCOLS
HKCU\Control Panel\Desktop
HKCU\ftp\shell\open\command
HKCU\Software\Microsoft\Command Processor
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks HKCU\Software\Microsoft\ole
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ HKLM\Software\Classes\Folder\Shellex\ColumnHandlers HKLM\SOFTWARE\Classes\mailto\shell\open\command
HKLM\SOFTWARE\Classes\PROTOCOLS
HKLM\SOFTWARE\Classes\Protocols\Filter
HKLM\SOFTWARE\Classes\Protocols\Handler
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units HKLM\Software\Microsoft\Internet Explorer\Extensions HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell folders\Startup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\scrīpts
HKLM\SYSTEM\ControlSet001\Control\Session Manager\BootExecute HKLM\System\ControlSet001\Session Manager\BootExecute HKLM\SYSTEM\CurrentControlSet\Control\Lsa
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages HKLM\SYSTEM\CurrentControlSet\Control\MPRServices
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors HKLM\System\CurrentControlSet\Control\Session Manager HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\System\CurrentControlSet\Services\
HKLM\System\CurrentControlSet\Services\VxD\
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2
HKLM\System\CurrentControlSet\Services\WinSock\Parameters\Protocol_Catalog9
HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\ HKU\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\
浙公网安备 33021202002483