|
Dvoumio sam se da li da stavim u zastitu ili u windows ali pretpostavljam da ce ovde biti potrebnije kad neko bude trazio odakle windows pokrece neki spyware/adware/virus...
Explorer: Startup Applications
Many programs that you install are automatically run when you start your computer and load Windows. For the majority of cases, this type of behavior is fine. Unfortunately, there are programs that are not legitimate, such as spyware and potentially unwanted software, that load in this manner as well. It is therefore important that you regularly check your start-up registry keys.
What does this Explorer Display?
The Startup Application Explorer lists all the various applications that can run when your computer is started or you log in to Windows.
All Users Startup Folder
Any files or shortcut files placed in this folder is used for programs that should be auto started for all users who will log in to your computer. This folder applies to all Windows NT, 2000, XP and 2003 versions. Possible folder paths are:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\WINNT\Profiles\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
User Profile Startup Folder
Any files or shortcut files placed in this folder will be executed for the particular user who logs in that corresponds to this folder. This folder is usually found in:
C:\windows\start menu\programs\startup
C:\Documents and Settings\LoginName\Start Menu\Programs\Startup
Registry Local Machine Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Any application path placed in this location runs when any user logs into Windows. These are the most common startup locations for programs to install auto start from. By default these keys are not executed in Safe Mode. If you prefix the value of these keys with an asterisk, *, it will run in Safe Mode.
Registry Current User Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Any application path placed in this location runs when the current user for this key logs into Windows. These are the most common startup locations for programs to install auto start from. By default these keys are not executed in Safe Mode. If you prefix the value of these keys with an asterisk, *, it will run in Safe Mode.
Registry Local Machine RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Any application path placed in this location runs when a user logs into Windows. These keys are designed to be used primarily by Setup programs. Entries in these keys are run once and then are deleted from the key. If there an exclamation point preceding the value of the key, the entry is not deleted until after the program completes, otherwise it is deleted before the program runs. This is important, because if the exclamation point is not used, and the program referenced in this key fails to complete, it is not run again as it has already been deleted. All entries in this key are started synchronously in an undefined order. Due to this, all programs in this key must be finished before any entries in HKEY_LOCAL_MACHINE\...\Run, HKEY_CURRENT_USER\...\Run, HKEY_CURRENT_USER\...\RunOnce, and Startup Folders can be loaded.
Registry Current User RunOnce
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Any application path placed in this location runs when the current user for this key logs in to Windows. These keys are designed to be used primarily by Setup programs. Entries in these keys are run once and then are deleted from the key. If there an exclamation point preceding the value of the key, the entry is not deleted until after the program completes, otherwise it is deleted before the program runs. This is important, because if the exclamation point is not used, and the program referenced in this key fails to complete, it is not run again as it has already been deleted. All entries in this key are run synchronously in an undefined order. Due to this, all programs in this key must be finished before any entries in HKEY_LOCAL_MACHINE\...\Run, HKEY_CURRENT_USER\...\Run, HKEY_CURRENT_USER\...\RunOnce, and Startup Folders can be loaded.
Registry Local Machine RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Registry Current User RunOnceEx
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Registry Local Machine RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
Registry Local Machine RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This key is designed to run services as well for all users. These entries can also continue running even after you log on, but must be completed before the HKEY_LOCAL_MACHINE\...\RunServices registry can start loading its programs.
Registry Current User RunServices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This key is designed to run services as well for the current user. These entries can also continue running even after you log on, but must be completed before the HKEY_CURRENT_USER\...\RunServices registry can start loading its programs.
Registry Local Machine Policies\Explorer\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This key is designed to run services as well for all users. These keys are generally used to load programs as part of a policy set in place on the computer or user.
Registry Current User Policies\Explorer\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This key is designed to run services as well for the current user. These keys are generally used to load programs as part of a policy set in place on the computer or user.
UserInit Key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
This key specifies what program should be run right after a user logs in to Windows. The default program for this key is C:\windows\system32\userinit.exe. Userinit.exe is a program that restores your profile, fonts, colors, etc for your username. It is possible to add further programs that will run from this key by separating the programs with a comma. For example:
Load Key
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
This key is not commonly used, but can be used to auto start programs.
Win.ini
C:\windows\win.ini
Any programs listed after the run= or load= in the win.ini file will run when Windows starts. This run= statement was used with older versions of Windows but for backwards compatibility, this feature still exists. Most programs today do not use this setting, and if you do not use older programs these entries should not exist. The load= statement was used to load drivers for your hardware but no longer used today.
System.ini
C:\windows\system.ini
The shell = statement in the system.ini is used to designate which program would act as the shell for the operating system. The Shell is the program that would load your desktop, handle window management, and allow the user to interact with the system. Any program listed after the shell statement is run when Windows starts, and acts as the default shell. There were some programs that acted as valid shell replacements, but they are generally no longer used. It is also possible to list other programs that run as Windows loads in the same Shell = line, such as Shell=explorer.exe spyware.exe. This line will make both programs run when Windows starts.
tekst je iz MS Antispyware-a
|
