[Trojan Detection and Removal, Part 2] Locations Trojans Commonly Modify to Start at Boot

Moderator: DarkSkyline

Post by DarkSkyline » Fri Dec 8, 2006 3:26 pm

Windows 98/ME (Chinese edition)
----------------------------
%windir%\All Users\Start Menu\Programs\啟動
%windir%\Start Menu\Programs\啟動
%windir%\Tasks
%windir%\win.ini

NT4 (Chinese edition)
-------------
%USERPROFILE%\..\All Users\「開始」功能表\程式集\啟動 (NT4 has no %ALLUSERSPROFILE%)
%USERPROFILE%\「開始」功能表\程式集\啟動
%windir%\Tasks

Windows NT4/2000/XP/2003 (Chinese edition)
---------------------------------------
%ALLUSERSPROFILE%\「開始」功能表\程式集\啟動
%USERPROFILE%\「開始」功能表\程式集\啟動
%windir%\Tasks

Registry keys:
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Run (Win2003 only)
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Runonce (Win2003 only)
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\RunonceEx (Win2003 only)
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices (Win98/ME only)
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce (Win98/ME only)
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Run (Win2003 only)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Runonce (Win2003 only)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\RunonceEx (Win2003 only)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup (Win2003 only)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify (not on Win98/ME)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms (Win2003 only)
HKLM\System\CurrentControlSet\Services (not on Win98/ME)
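A read-only audit of a subset of the registry locations listed in the post above, as an added example that is not part of the original post. The function name `Get-AutostartEntries` is hypothetical, and the "expected" patterns are the stock Windows defaults assumed by this example (Shell = `explorer.exe`, Userinit = `...\system32\userinit.exe,`, and empty AppInit_DLLs, Load and Run values).

```powershell
# Added example: read-only audit of some autostart locations from the list above.
# Keys in which every value is a command line run at logon.
$runKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
# Single named values. Expected is a regex for the stock Windows default
# (an assumption of this example); anything else is flagged CHANGED.
$nt = 'Software\Microsoft\Windows NT\CurrentVersion'
$singleValues = @(
    @{ Key = "$nt\Winlogon"; Name = 'Shell';        Expected = '^explorer\.exe$' },
    @{ Key = "$nt\Winlogon"; Name = 'Userinit';     Expected = '^[a-z]:\\[^\\,]+\\system32\\userinit\.exe,?$' },
    @{ Key = "$nt\Windows";  Name = 'AppInit_DLLs'; Expected = '^\s*$' },
    @{ Key = "$nt\Windows";  Name = 'Load';         Expected = '^\s*$' },
    @{ Key = "$nt\Windows";  Name = 'Run';          Expected = '^\s*$' }
)

function Get-AutostartEntries {
    foreach ($hive in 'HKLM', 'HKCU') {
        # Every value under a Run-style key is listed for manual review.
        foreach ($sub in $runKeys) {
            $key = Get-Item -LiteralPath "${hive}:\$sub" -ErrorAction SilentlyContinue
            if (-not $key) { continue }          # key does not exist in this hive
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Flag = 'REVIEW'; Location = "$hive\$sub"
                    Name = $name;    Data = $key.GetValue($name)
                }
            }
        }
        # Named values are compared against the expected default.
        foreach ($v in $singleValues) {
            $key = Get-Item -LiteralPath "${hive}:\$($v.Key)" -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            $data = $key.GetValue($v.Name)
            if ($null -eq $data) { continue }    # value absent in this hive
            $flag = if ("$data" -match $v.Expected) { 'default' } else { 'CHANGED' }
            [pscustomobject]@{
                Flag = $flag;   Location = "$hive\$($v.Key)"
                Name = $v.Name; Data = $data
            }
        }
    }
}

Get-AutostartEntries | Sort-Object Flag, Location | Format-Table -AutoSize -Wrap
```

HKCU here is the hive of the account running the script, so other users' hives have to be checked separately.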
