Aug 28

关于Windows的自启动项

Software | 1 评论 » | Trackback | FavLinks | 7,777 次阅读

以下是系统启动的时候所有可能加载启动程序的方式,了解它对于解决未知的木马病毒间谍软件等会有好处。

最常见的6个启动文件夹

1. WinDir\Start Menu\Programs\Startup\
2. User\Startup\
3. All Users\Startup\
4. WinDir\system\iosubsys\
5. WinDir\system\vmm32\
6. WinDir\Tasks\

12个可能的自启动文件位置

1. c:\explorer.exe
2. c:\autoexec.bat
3. c:\config.sys
4. windir\wininit.ini
5. windir\winstart.bat
6. windir\win.ini - [windows] "load"
7. windir\win.ini - [windows] "run"
8. windir\system.ini - [boot] "shell"
9. windir\system.ini - [boot] "scrnsave.exe"
10. windir\dosstart.bat
11. windir\system\autoexec.nt
12. windir\system\config.nt

35个注册表的自启动位置

1. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\
All values in this key are executed.

2. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\
All values in this key are executed, and then their autostart reference is deleted.

3. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
All values in this key are executed as services.

4. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\
All values in this key are executed as services, and then their autostart reference is deleted.

5. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
All values in this key are executed.

6. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
All values in this key are executed, and then their autostart reference is deleted.

7. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
Used only by Setup. Displays a progress dialog box as the keys are run one at a time.

8. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Similar to the Run key from HKEY_CURRENT_USER.

9. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Similar to the RunOnce key from HKEY_CURRENT_USER.

10. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The "Shell" value is monitored. This value is executed after you log in.

11. HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\
All subkeys are monitored, with special attention paid to the "StubPath" value in each subkey.

12. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\VxD\
All subkeys are monitored, with special attention paid to the "StaticVXD" value in each subkey.

13. HKEY_CURRENT_USER\Control Panel\Desktop
The "SCRNSAVE.EXE" value is monitored. This value is launched when your screen saver activates.

14. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Session Manager
The "BootExecute" value is monitored. Files listed here are Native Applications that are executed before Windows starts.

15. HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Executed whenever a .VBS file (Visual Basic Script) is run.

16. HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Executed whenever a .VBE file (Encoded Visual Basic Script) is run.

17. HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Executed whenever a .JS file (Javascript) is run.

18. HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Executed whenever a .JSE file (Encoded Javascript) is run.

19. HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Executed whenever a .WSH file (Windows Scripting Host) is run.

20. HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Executed whenever a .WSF file (Windows Scripting File) is run.

21. HKEY_CLASSES_ROOT\exefile\shell\open\command\
Executed whenever a .EXE file (Executable) is run.

22. HKEY_CLASSES_ROOT\comfile\shell\open\command\
Executed whenever a .COM file (Command) is run.

23. HKEY_CLASSES_ROOT\batfile\shell\open\command\
Executed whenever a .BAT file (Batch Command) is run.

24. HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Executed whenever a .SCR file (Screen Saver) is run.

25. HKEY_CLASSES_ROOT\piffile\shell\open\command\
Executed whenever a .PIF file (Portable Interchange Format) is run.

26. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\
Services marked to startup automatically are executed before user login.

27. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog\Catalog_En tries\
Layered Service Providers, executed before user login.

28. HKEY_LOCAL_MACHINE\System\Control\WOW\cmdline
Executed when a 16-bit Windows executable is executed.

29. HKEY_LOCAL_MACHINE\System\Control\WOW\wowcmdline
Executed when a 16-bit DOS application is executed.

30. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Executed when a user logs in.

31. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\
Executed by explorer.exe as soon as it has loaded.

32. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
Executed when the user logs in.

33. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
Executed when the user logs in.

34. HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\run\
Subvalues are executed when Explorer initialises.

35. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\run\
Subvalues are executed when Explorer initialises.

依赖软件,但是软件不是万能的,知道根源,手动解决 :twisted:

Tags: , , , , ,

Aug 26

Your Freedom - 它可能比 Tor 快

Internet, Software | 没有评论 » | Trackback | FavLinks | 5,528 次阅读

Tor 大家都熟了吧,无数的集合版本让它普及的很快。不过 Tor 致命的缺陷就是速度太慢,而且现在有很多“陷阱”节点。

嗯,如果你也觉得 Tor 太慢,可以试试 Your Freedom 。

Your Freedom 是一款类似 Tor (其实我觉得它更像 JAP),是欧洲(德国?)某公司开发的用于穿透防火墙和内容过滤的代理软件。

与 Tor 做简单比较的话,YF 的优点主要体现在绝大多数情况下它比 Tor 要快(深圳电信),而且本身直接支持 HTTP 和 Socks 代理,图形界面设置比较方便,也支持二级代理。

缺点呢,你必须安装 SUN JAVA 1.4.2 +,这东西有 10 几 M ...程序本身倒是不大,1 M 多吧,而且使用前你必须(免费)申请一个帐号(是否通用未知)。

下面介绍如何使用它:

1、在 YF 的网站上 注册 一个用户,需要电子邮件验证,所以不能乱填;
2、下载 并安装YF;
3、运行,使用向导建立最基本的配置,如果上网环境不涉及代理,基本不用改动什么,让它自己查找最合适的节点群;
4、默认参数就能很好的工作,HTTP 代理开在 8080 端口,SOCKS 开在 1080 端口,当然你也可以 DIY

补充下,有防火墙的要允许 JAVAW.EXE UDP/TCP 出站。

Tags: , , , , , ,

[2/2]  < 1 2