Registry

Flag: when I have time, write a PoC for each entry or explain how it is used.

Registry keys

HKCU\Environment\UserInitMprLogonScript

HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers

HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers

HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers

HKCU\Software\Classes\Directory\Shellex\DragDropHandlers

HKCU\Software\Classes\Drive\ShellEx\ContextMenuHandlers

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows

HKCU\Software\Policies\Microsoft\Windows\System\Scripts

HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers

HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance

HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers

HKLM\Software\Classes\Filter

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

HKLM\Software\Microsoft\Rpc\Extensions

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Policies\Microsoft\Windows\System\Scripts

HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers

HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers

HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance

HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance

HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers

HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers

HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers

HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers

HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers

HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers

HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\System\CurrentControlSet\Control\Lsa\

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages

HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\

HKLM\System\CurrentControlSet\Services

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64

HKU\*\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup