windows 自启动项 - Windows

windows自启动项,这个东西我是很想把它都弄清楚的。曾经也知道好多处，但是现在想尽可能的把它都找出来。从安全焦点看了篇文章 Windows的自启动方式 ,不过很古老02年写的，03年sowhat发到安全焦点上的，虽然有用但有的是window 98下的。所以我重新整理了下。

=====================================================================================

Windows 98/ME

启动目录
%windir%\Tasks
%windir%\win.ini

NT4

启动目录
%windir%\Tasks

Windows NT4/2000/XP/2003

启动目录
%windir%\Tasks

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Run (Win2003)
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Runonce (Win2003)
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\RunonceEx (Win2003)
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices (Win98/ME)
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices (Win98/ME)
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce (Win98/ME)
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce (Win98/ME)
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Run (Win2003)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Runonce (Win2003)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\RunonceEx (Win2003)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup (Win2003)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify (Win98/ME)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms (Win2003)
HKLM\System\CurrentControlSet\Services (Win98/ME)
----------------------------------------------------------------------------------
1.第一自启动目录：

C:\Documents and Settings\All Users\「开始」菜单\程序\启动
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services（也就是NT/2K/XP/2003系统的驱动或服务）
-----------------------------------------------------------------------------------

c:\autoexec.bat
%systemroot%\autoexec.nt
%systemroot%\config.nt
autorun.inf
desktop.ini
folder.htt

%systemroot%\system32\GroupPolicy\Machine\Scripts\scripts.ini
%systemroot%\system32\GroupPolicy\user\Scripts\scripts.ini
%systemroot%\system32\GroupPolicy\User\Scripts\logon
%systemroot%\system32\GroupPolicy\User\Scripts\logoff
%systemroot%\system32\GroupPolicy\Machine\Scripts\Startup
%systemroot%\system32\GroupPolicy\Machine\Scripts\Shutdown

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Startup
===================================================================================