Показано с 1 по 1 из 1.

Список ключей автозапуска

  1. #1
    Geser
    Guest

    Список ключей автозапуска

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AppInit
    Shell
    UserInit
    System
    VMApplet
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\
    All values in this key are executed.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce\
    All values in this key are executed, and then their autostart reference is deleted.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunServices\
    All values in this key are executed as services.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunServicesOnce\
    All values in this key are executed as services, and then their autostart reference is deleted.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\
    All values in this key are executed.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce\
    All values in this key are executed, and then their autostart reference is deleted.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce\Setup\
    Used only by Setup. Displays a progress dialog box as the keys are run one at a time.

    HKEY_USERS\.Default\Software\Microsoft\Windows\Cur rentVersion\Run\
    Similar to the Run key from HKEY_CURRENT_USER.

    HKEY_USERS\.Default\Software\Microsoft\Windows\Cur rentVersion\RunOnce\
    Similar to the RunOnce key from HKEY_CURRENT_USER.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    The "Shell" value is monitored. This value is executed after you log in.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\
    All subkeys are monitored, with special attention paid to the "StubPath" value in each subkey.

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\VxD\
    All subkeys are monitored, with special attention paid to the "StaticVXD" value in each subkey.

    HKEY_CURRENT_USER\Control Panel\Desktop
    The "SCRNSAVE.EXE" value is monitored. This value is launched when your screen saver activates.

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Session Manager
    The "BootExecute" value is monitored. Files listed here are Native Applications that are executed before Windows starts.

    HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
    Executed whenever a .VBS file (Visual Basic Script) is run.

    HKEY_CLASSES_ROOT\vbefile\shell\open\command\
    Executed whenever a .VBE file (Encoded Visual Basic Script) is run.

    HKEY_CLASSES_ROOT\jsfile\shell\open\command\
    Executed whenever a .JS file (Javascript) is run.

    HKEY_CLASSES_ROOT\jsefile\shell\open\command\
    Executed whenever a .JSE file (Encoded Javascript) is run.

    HKEY_CLASSES_ROOT\wshfile\shell\open\command\
    Executed whenever a .WSH file (Windows Scripting Host) is run.

    HKEY_CLASSES_ROOT\wsffile\shell\open\command\
    Executed whenever a .WSF file (Windows Scripting File) is run.

    HKEY_CLASSES_ROOT\exefile\shell\open\command\
    Executed whenever a .EXE file (Executable) is run.

    HKEY_CLASSES_ROOT\comfile\shell\open\command\
    Executed whenever a .COM file (Command) is run.

    HKEY_CLASSES_ROOT\batfile\shell\open\command\
    Executed whenever a .BAT file (Batch Command) is run.

    HKEY_CLASSES_ROOT\scrfile\shell\open\command\
    Executed whenever a .SCR file (Screen Saver) is run.

    HKEY_CLASSES_ROOT\piffile\shell\open\command\
    Executed whenever a .PIF file (Portable Interchange Format) is run.

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\
    Services marked to startup automatically are executed before user login.

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\Winsock2\Parameters\Protocol_Catalog\Catalog_En tries\
    Layered Service Providers, executed before user login.

    HKEY_LOCAL_MACHINE\System\Control\WOW\cmdline
    Executed when a 16-bit Windows executable is executed.

    HKEY_LOCAL_MACHINE\System\Control\WOW\wowcmdline
    Executed when a 16-bit DOS application is executed.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    Executed when a user logs in.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\
    Executed by explorer.exe as soon as it has loaded.

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
    Executed when the user logs in.

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
    Executed when the user logs in.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\run\
    Subvalues are executed when Explorer initialises.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\run\
    Subvalues are executed when Explorer initialises.


    Folder Autostart Locations

    windir\Start Menu\Programs\Startup\
    User\Startup\
    All Users\Startup\
    windir\system\iosubsys\
    windir\system\vmm32\
    windir\Tasks\

    File Autostart Locations

    c:\explorer.exe
    c:\autoexec.bat
    c:\config.sys
    windir\wininit.ini
    windir\winstart.bat
    windir\win.ini - [windows] "load"
    windir\win.ini - [windows] "run"
    windir\system.ini - [boot] "shell"
    windir\system.ini - [boot] "scrnsave.exe"
    windir\dosstart.bat
    windir\system\autoexec.nt
    windir\system\config.nt

  2. Будь в курсе!
    Реклама на VirusInfo

    Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

    Anti-Malware Telegram
     

Похожие темы

  1. Большой список автозапуска в логе AVZ
    От VladimirSmit в разделе Помогите!
    Ответов: 2
    Последнее сообщение: 30.08.2010, 17:36
  2. не удалить из автозапуска
    От stopinspb в разделе Помогите!
    Ответов: 1
    Последнее сообщение: 01.06.2009, 16:27
  3. по поводу автозапуска с CD
    От mayas в разделе Microsoft Windows
    Ответов: 14
    Последнее сообщение: 21.11.2008, 10:39
  4. процессы автозапуска
    От Step@n в разделе Помогите!
    Ответов: 4
    Последнее сообщение: 05.06.2007, 16:58
  5. Антишпион vs менеджер Автозапуска
    От NewUser в разделе Антивирусы
    Ответов: 4
    Последнее сообщение: 09.04.2006, 20:15

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.01196 seconds with 17 queries