List of Windows Auto Start Locations
Published: 2019-05-10

This is a list of auto-start locations that malware normally uses to restart itself after a system reboot. It has been with us since the time we basically started working on .

We have tried to find their Vista entries too. , we don’t know yet. Now, some might not work on all platforms. They might not work on Windows 98, 95, ME, etc., as those are not Windows NT based and the NT versions work differently. Some will also work without any registry key manipulation.

We have maintained a few known abbreviations just to shorten the post. They are as follows:

HKLM : HKEY_LOCAL_MACHINE
HKCU : HKEY_CURRENT_USER
HKCR : HKEY_CLASSES_ROOT
%windir% : The Windows Directory. Can be C:\Windows or C:\WINNT or anything, depending on the location, the OS & the customization of the OS!
%USERPROFILE% : Normally is C:\Documents and Settings\, depending on the installation location.
%ALLUSERSPROFILE% : Normally is C:\Documents and Settings\All Users, depending on the installation location.

Please keep in mind that the Windows registry is very sensitive and you should fiddle with it only if you know how to get out of it! We should not be held responsible for any harm coming out of their usage!

Beginning with registry methods:

1. HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
2. HKLM\SOFTWARE\\Windows NT\CurrentVersion\Winlogon\AppSetup
3. HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
4. HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
5. HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
6. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
7. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
8. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
9. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
10. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
11. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
12. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
13. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
14. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
15. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
16. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
17. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
18. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
19. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
20. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
21. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
22. HKCU\Software\Microsoft\Windows\CurrentVersion\Run
23. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
24. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
25. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
26. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
27. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
28. HKLM\SOFTWARE\Classes\Protocols\Filter
29. HKLM\SOFTWARE\Classes\Protocols\Handler
30. HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
31. HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
32. HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
33. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
34. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
35. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
36. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
37. HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
38. HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
39. HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
40. HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
41. HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
42. HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
43. HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
44. HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
45. HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
46. HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
47. HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
48. HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
49. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
50. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
51. HKCU\Software\Microsoft\Ctf\LangBarAddin
52. HKLM\Software\Microsoft\Ctf\LangBarAddin
53. HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
54. HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
55. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
56. HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
57. HKLM\Software\Microsoft\Internet Explorer\Toolbar
58. HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
59. HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
60. HKCU\Software\Microsoft\Internet Explorer\Extensions
61. HKLM\Software\Microsoft\Internet Explorer\Extensions
62. HKLM\System\CurrentControlSet\Services
63. HKLM\System\CurrentControlSet\Services
64. HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
65. HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
66. HKLM\System\CurrentControlSet\Control\Session Manager\Execute
67. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
68. HKLM\Software\Microsoft\Command Processor\Autorun
69. HKCU\Software\Microsoft\Command Processor\Autorun
70. HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
71. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
72. HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
73. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
74. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
75. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
76. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
77. HKCU\Control Panel\Desktop\Scrnsave.exe
78. HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
79. HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
80. HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
81. HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
82. HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
83. HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
84. HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ Packages
85. HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
86. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
87. HKCR\batfile\shell\open\command @="\"%1\" %*"
88. HKCR\comfile\shell\open\command @="\"%1\" %*"
89. HKCR\exefile\shell\open\command @="\"%1\" %*"
90. HKCR\htafile\Shell\Open\Command @="\"%1\" %*"
91. HKCR\piffile\shell\open\command @="\"%1\" %*"
92. HKLM\Software\Classes\batfile\shell\open\command
93. HKLM\Software\Classes\comfile\shell\open\command
94. HKLM\Software\Classes\exefile\shell\open\command
95. HKLM\Software\Classes\htafile\shell\open\command
96. HKLM\Software\Classes\piffile\shell\open\command
97. HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters
98. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
99. HKLM\Software\Microsoft\Windows NT\CurrentVersion\InitFileMapping
100. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Aedebug
101. HKLM\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
102. HKLM\Software\Classes\CLSID\{CLSID}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
103. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\Application
104. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\Application
105. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\Application
106. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\Application
107. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\Application
108. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\Application
109. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\Application
110. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\ProgID
111. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\ProgID
112. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\ProgID
113. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\ProgID
114. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\ProgID
115. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\ProgID
116. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\ProgID
117. HKLM\Software\CLASSES\batfile\shell\open\command @="\"%1\" %*"
118. HKLM\Software\CLASSES\comfile\shell\open\command @="\"%1\" %*"
119. HKLM\Software\CLASSES\exefile\shell\open\command @="\"%1\" %*"
120. HKLM\Software\CLASSES\htafile\Shell\Open\Command @="\"%1\" %*"
121. HKLM\Software\CLASSES\piffile\shell\open\command @="\"%1\" %*"
122. HKCR\vbsfile\shell\open\command\
123. HKCR\vbefile\shell\open\command\
124. HKCR\jsfile\shell\open\command\
125. HKCR\jsefile\shell\open\command\
126. HKCR\wshfile\shell\open\command\
127. HKCR\wsffile\shell\open\command\
128. HKCR\scrfile\shell\open\command\
129. HKLM\Software\Microsoft\Active Setup\Installed Components\KeyName
StubPath=C:\PathToFile\Filename.exe

Now, we will start with folder auto start locations.

%ALLUSERSPROFILE%\Start Menu\Programs\Startup
%USERPROFILE%\Start Menu\Programs\Startup
%windir%\Tasks
%windir%\System32\Tasks - Windows Vista
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

In addition to this, there are some more files that will start a program again once an entry for it is added to them.

win.ini:
[windows]
load=file.exe

OR

[windows]
run=file.exe

system.ini:

[boot]
Shell=Explorer.exe file.exe

windir\dosstart.bat (Windows 95 or Windows 98 only)

windir\system\autoexec.nt
windir\system\config.nt
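
A defensive check for the win.ini and system.ini entries listed above, as an added example that is not part of the original post: it parses collected copies of the two files and reports every program named by `load=`, `run=`, or a `Shell=` value beyond a bare Explorer.exe. The function name `audit_ini`, the sample file contents and the whitespace splitting of values are assumptions.

```python
import configparser
import ntpath

# Entries the page lists as auto-start triggers: file -> [(section, key)].
AUTOSTART_KEYS = {
    "win.ini": [("windows", "load"), ("windows", "run")],
    "system.ini": [("boot", "shell")],
}

def audit_ini(path, text):
    """Return (file, section, key, program) for every auto-start entry in text."""
    name = ntpath.basename(path).lower()
    parser = configparser.ConfigParser(
        strict=False,            # the same section may appear more than once
        interpolation=None,      # values may contain % (e.g. %windir%)
        allow_no_value=True,
        comment_prefixes=(";",),
        delimiters=("=",),
    )
    parser.read_string(text)
    findings = []
    for section, key in AUTOSTART_KEYS.get(name, []):
        # configparser lower-cases keys but not section names, so match those by hand.
        for sec in parser.sections():
            if sec.lower() != section or not parser.has_option(sec, key):
                continue
            value = parser.get(sec, key) or ""
            # Assumption: programs in a value are whitespace-separated,
            # as in the page's "Shell=Explorer.exe file.exe".
            for program in value.split():
                if key == "shell" and program.lower() == "explorer.exe":
                    continue  # the shell itself is the expected baseline
                findings.append((name, section, key, program))
    return findings

# Constructed sample file contents, not taken from a real host.
SAMPLE_WIN_INI = """; for 16-bit app support
[fonts]
[Windows]
load=file.exe
run=
"""
SAMPLE_SYSTEM_INI = """[boot]
Shell=Explorer.exe file.exe
[386Enh]
woafont=dosapp.fon
"""
```

Paths containing spaces would be split into several findings by this sketch, so treat each reported token as a pointer to the line to review rather than as a verified file name.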

Reposted from: http://ngmmb.baihongyu.com/