Windows Startup in Detail
The 6 most common startup folders
Code:
1. windir\Start Menu\Programs\Startup
2. User\Startup
3. All Users\Startup
4. windir\system\iosubsys
5. windir\system\vmm32
6. windir\Tasks
12 possible autostart file locations
Code:
1. c:\explorer.exe
2. c:\autoexec.bat
3. c:\config.sys
4. windir\wininit.ini
5. windir\winstart.bat
6. windir\win.ini - [windows] “load”
7. windir\win.ini - [windows] “run”
8. windir\system.ini - [boot] “shell”
9. windir\system.ini - [boot] “scrnsave.exe”
10. windir\dosstart.bat
11. windir\system\autoexec.nt
12. windir\system\config.nt
13. gpedit.msc: Local Computer Policy → User Configuration → Administrative Templates → System → Logon
35 registry autostart locations
Code:
1. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
All values in this key are executed.
2. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
All values in this key are executed, and then their autostart reference is deleted.
3. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
All values in this key are executed as services.
4. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
All values in this key are executed as services, and then their autostart reference is deleted.
5. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
All values in this key are executed.
6. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
All values in this key are executed, and then their autostart reference is deleted.
7. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
Used only by Setup. Displays a progress dialog box as the keys are run one at a time.
8. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run
Similar to the Run key from HKEY_CURRENT_USER.
9. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce
Similar to the RunOnce key from HKEY_CURRENT_USER.
10. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The “Shell” value is monitored. This value is executed after you log in.
11. HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components
All subkeys are monitored, with special attention paid to the “StubPath” value in each subkey.
12. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD
All subkeys are monitored, with special attention paid to the “StaticVXD” value in each subkey.
13. HKEY_CURRENT_USER\Control Panel\Desktop
The “SCRNSAVE.EXE” value is monitored. This value is launched when your screen saver activates.
14. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
The “BootExecute” value is monitored. Files listed here are Native Applications that are executed before Windows starts.
15. HKEY_CLASSES_ROOT\vbsfile\shell\open\command
Executed whenever a .VBS file (Visual Basic Script) is run.
16. HKEY_CLASSES_ROOT\vbefile\shell\open\command
Executed whenever a .VBE file (Encoded Visual Basic Script) is run.
17. HKEY_CLASSES_ROOT\jsfile\shell\open\command
Executed whenever a .JS file (Javascript) is run.
18. HKEY_CLASSES_ROOT\jsefile\shell\open\command
Executed whenever a .JSE file (Encoded Javascript) is run.
19. HKEY_CLASSES_ROOT\wshfile\shell\open\command
Executed whenever a .WSH file (Windows Scripting Host) is run.
20. HKEY_CLASSES_ROOT\wsffile\shell\open\command
Executed whenever a .WSF file (Windows Scripting File) is run.
21. HKEY_CLASSES_ROOT\exefile\shell\open\command
Executed whenever a .EXE file (Executable) is run.
22. HKEY_CLASSES_ROOT\comfile\shell\open\command
Executed whenever a .COM file (Command) is run.
23. HKEY_CLASSES_ROOT\batfile\shell\open\command
Executed whenever a .BAT file (Batch Command) is run.
24. HKEY_CLASSES_ROOT\scrfile\shell\open\command
Executed whenever a .SCR file (Screen Saver) is run.
25. HKEY_CLASSES_ROOT\piffile\shell\open\command
Executed whenever a .PIF file (Portable Interchange Format) is run.
26. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
Services marked to start up automatically are executed before user login.
27. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog\Catalog_Entries
Layered Service Providers, executed before user login.
28. HKEY_LOCAL_MACHINE\System\Control\WOW\cmdline
Executed when a 16-bit Windows executable is executed.
29. HKEY_LOCAL_MACHINE\System\Control\WOW\wowcmdline
Executed when a 16-bit DOS application is executed.
30. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Executed when a user logs in.
31. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Executed by explorer.exe as soon as it has loaded.
32. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
Executed when the user logs in.
33. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
Executed when the user logs in.
34. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
Subvalues are executed when Explorer initialises.
35. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
Subvalues are executed when Explorer initialises.
36. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
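
The registry list above distinguishes keys where every value is executed, keys where one named value matters, and file-class handlers stored in a default value. The following read-only PowerShell inventory is an added example, not part of the original list; it covers only a subset of the items, and the function name Read-AutostartValue and the baseline file name are assumptions of this example.

```powershell
# Added example: read-only inventory of a subset of the locations listed above.
# The key selection and the baseline file name are choices made for this example.
$hklm = 'Registry::HKEY_LOCAL_MACHINE'
$hkcu = 'Registry::HKEY_CURRENT_USER'
$cv   = 'Software\Microsoft\Windows\CurrentVersion'

# Items 1, 2, 5, 6, 34, 35: every value under the key is an autostart entry.
$allValueKeys = @(
    "$hklm\$cv\Run", "$hklm\$cv\RunOnce",
    "$hkcu\$cv\Run", "$hkcu\$cv\RunOnce",
    "$hkcu\$cv\Policies\Explorer\Run", "$hklm\$cv\Policies\Explorer\Run"
)
# Items 10, 30, 14, 13: one named value under the key is what gets executed.
$namedValues = @(
    @{ Key = "$hklm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"; Name = 'Shell' },
    @{ Key = "$hklm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"; Name = 'Userinit' },
    @{ Key = "$hklm\System\CurrentControlSet\Control\Session Manager";      Name = 'BootExecute' },
    @{ Key = "$hkcu\Control Panel\Desktop";                                 Name = 'SCRNSAVE.EXE' }
)
# Items 15-25: the default value of <class>\shell\open\command is the handler.
$fileClasses = 'vbsfile','vbefile','jsfile','jsefile','wshfile','wsffile',
               'exefile','comfile','batfile','scrfile','piffile'

function Read-AutostartValue([string]$Key, [string]$Name) {
    if (-not (Test-Path -LiteralPath $Key)) { return }
    # Read the raw data so REG_EXPAND_SZ entries are shown unexpanded.
    $opt  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $data = (Get-Item -LiteralPath $Key).GetValue($Name, $null, $opt)
    if ($null -eq $data) { return }
    $label = $Name
    if ($label -eq '') { $label = '(Default)' }
    # REG_MULTI_SZ (e.g. BootExecute) comes back as an array; flatten it for comparison.
    [pscustomobject]@{ Key = $Key; Value = $label; Data = ($data -join '; ') }
}

$inventory = @(
    foreach ($key in $allValueKeys) {
        if (Test-Path -LiteralPath $key) {
            foreach ($n in (Get-Item -LiteralPath $key).GetValueNames()) { Read-AutostartValue $key $n }
        }
    }
    foreach ($nv in $namedValues) { Read-AutostartValue $nv.Key $nv.Name }
    foreach ($c in $fileClasses) { Read-AutostartValue "Registry::HKEY_CLASSES_ROOT\$c\shell\open\command" '' }
)

$baseline = '.\autostart-baseline.csv'   # hypothetical file name
if (Test-Path -LiteralPath $baseline) {
    # '=>' marks entries that are new or changed since the baseline was saved.
    Compare-Object (Import-Csv $baseline) $inventory -Property Key, Value, Data
} else {
    $inventory | Export-Csv -LiteralPath $baseline -NoTypeInformation
}
```

The first run saves a baseline; later runs print only the entries that differ from it, which is where review effort should go.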