Post: Windows self-starting file hiding location

From http://bbs.cfanclub.net/dispbbs.asp? Boolean id = 2 & id = 232417

Windows self-starting file hiding place jingying
What I found in the essence of my computer application article can be shared with you:

 

During Windows Startup, many programs are automatically started. Do not think that the "Start> program> Start" menu is all right. In fact, in Windows XP/2 K, there are many ways to enable Windows to automatically start the program, the following describes the two most important folders and eight registration keys.

1. Dedicated Startup folder of the current user

This is a common location for Automatic startup of many applications. All shortcuts for Windows Automatic startup in this folder. The User Startup Folder is generally in:/users and settings/<username>/"start" menu/Program/start. "<username>" indicates the name of the currently logged-on user account.

2. Effective startup folders for all users

This is the second important position to find an Automatic startup program. No matter what identity the user uses to log on to the system, the shortcut to put the folder is always automatically started-this is the difference between it and the user-specific Startup Folder. This folder is generally in:/Documents and Settings/all users/Start Menu/Program/startup.

Iii. Load registration key

There is not much information about the registration key. In fact, it can also automatically start the program. Location:
HKEY_CURRENT_USER/software/Microsoft/WindowsNT/CurrentVersion/Windows/load.

Iv. userinit registration key

Location:
HKEY_LOCAL_MACHINE/software/Microsoft/WindowsNT/currentversionwinlogon/USERINIT. This also enables the system to automatically initialize the program at startup. Quotation marks (excluding quotation marks ).

5. Explorer/run registration key

Unlike load and userinit, the explorer/run key is in
HKEY_LOCAL_MACHINE has the following options:
HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/ieiesexplorer/run, and HKEY_LOCAL_MACHINE/software/Microsoft/Windows
/CurrentVersion/policies/Explorer/run.

6. runservicesonce registration key

The runservicesonce registration key is used to start the service program. the start time is before the user logs on and prior to other programs started by the registration key. The position of the runservicesonce registration key is:
HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/runservicesonce,
And HKEY_LOCAL_MACHINE/software/Microsoft/windowscurrentversion/runservicesonce.

VII. runservices registration key

The program specified by the runservices registration key runs immediately after the program specified by runservicesonce, but both run before the user logs on. Runservices is located:
HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/runservices, and
HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/runservices.

8. runonce/setup registration key

Runonce/setup specifies the program run after the user logs on. Its location is:
HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/runonce/setup,
And HKEY_LOCAL_MACHINE/software/Microsoft/windowscurrentversion/runonce/setup.

9. runonce registration key

The installer usually uses the runonce key to automatically run the program. Its location is
HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/runonce and
HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/runonce.
The runonce key under HKEY_LOCAL_MACHINE runs the program immediately after the user logs on. The runtime is before the program specified by other run keys. The runonce key under HKEY_CURRENT_USER runs after the operating system processes other run keys and the content of the "Start" folder. If it is XP, you still need to check
HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/runonceex.

10. Run registration key

Run is the most common registration key for automatically running programs. Its location is:
HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/run, and
HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/run.
The run key under HKEY_CURRENT_USER runs immediately following the run key under HKEY_LOCAL_MACHINE, but both are before processing the "Start" folder.

----------------------------------------------
Hello, everyone! Have any questions to discuss together !!

: These are where Trojans are loaded! 891