HIPS Custom Framework
Compiled by: Baker, 2011.8.17. Special thanks to zengjian96 for helping me with the layout.
Injection and execution protection for key programs:
*.bat
*.cmd
*.com
*.dll
*.drv
*.exe
*.lnk
*.ocx
*.pif
*.scr
*.sys
Critical file/program protection:
Cacls.exe
cmd.exe
command.com
cscript.exe
csrss.exe
debug.exe
diskpart.exe
format.exe
ftp.exe
Folder protection:
C:\WINDOWS
C:\WINDOWS\system.ini
C:\WINDOWS\system32
C:\WINDOWS\system32
C:\WINDOWS\System32\AUTOEXEC.nt
C:\WINDOWS\System32\bootvrfy.exe
C:\WINDOWS\system32\config
C:\WINDOWS\System32\CONFIG.nt
C:\WINDOWS\System32\control.ini
C:\WINDOWS\system32\drivers
C:\WINDOWS\system32\drivers\etc
C:\WINDOWS\system32\drivers\etc
C:\WINDOWS\System32\logon.exe
C:\WINDOWS\System32\ntdos.sys
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\win.ini.
C:\WINDOWS\wininit.ini
HOSTS
msconfig.exe
msh.exe
mshta.exe
net.exe
net1.exe
netsh.exe
netstat.exe
ntoskrnl.exe
ntsd.exe
ntvdm.exe
reg.exe
regedit.exe
regsvr32.exe
replace.exe
rundll32
lsass.exe
schtasks.exe
services.exe
smss.exe
svchost.exe
system.exe
taskkill.exe
tasklist.exe
telnet.exe
tftp.exe
winlogon.exe
winrar.exe
wscript.exe
Protection of key registry locations:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\polices\system\h
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explore\DisallowRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explore\NoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRunH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RistrictRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windowsnt\Currentversion\Windows\load
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\load
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\Programs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\Programs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internetexplorer\Infodelivery\Restrictions\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internetexplorer\Toolbars\Restrictions\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon\p
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Windowsupdate\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windowsfirewall\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\j
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htafile\Shell\Open\Command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htafile\shell\open\command\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command\j
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShellScrap\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShellScrap\shell\open\command\v
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ActiveSetup\InstalledComponents\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Activesetup\InstalledComponents\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CodeStoreDatabase\DistributionUnits\r
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CodeStoreDatabase\DistributionUnits\V
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CommandProcessor\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CommandProcessor\V
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Extensions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\Default_Page_URL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\Default_Search_URL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\HOMEOldSP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\LocalPage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\SearchPage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\StartPage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\StartPage_bak
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Search\Default_Search_URL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Search\SearchAssistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Toolbar\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\V
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ras\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ras\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\Advanced\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\ShareTaskScheduler\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\ShellExecuteHooks\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\ShellFolders\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\UserShellFolders\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Browserhelperobjects\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserShellFolders\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explore\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\h
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\t
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\x
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellExtensions\Approved\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellExtensions\Approved\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AutoUpdate\AUOptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DriverSigning
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Accessibility\UtilityManager\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Accessibility\UtilityManager\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\GinaDLL\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\IniFileMapping\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\IniFileMapping\v
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SvcHost\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SvcHost\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SystemRestore\DisableSR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SystemRestore\DisableSR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\DefaultUserName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\DefaultUserName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GinaDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtensions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtensions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GunaDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SFCDisabale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SFCDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList\x
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Taskman
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Taskman
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UIHost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UIHost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UserInit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UserInit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\VmApplet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\VmApplet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\WOW\boot\t
HKEY_LOCAL_MACHINE\SOFTWARE\Mirabilis\ICQ\Agent\Apps\IcqWinCfg\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\r
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windowsupdate\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windowsfirewall\t
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\t
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\Environment\ComSpec
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\Environment\ComSpect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\r
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\Environment\ComSpec
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\Environment\ComSpect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\Environment\ComSpec
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\Environment\ComSpect
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvide\Order
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\r
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\ComSpec
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\ComSpect
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\Path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\Path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\KnownDLLs\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\KnownDLLs\p
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\PendindFileRenameOprations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ShellHWDetection\V
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\Wds\rdpwd\StartupPrograms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalSever\Wds\rdpwd\StartupPrograms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\b
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\d
HKEY_USERS\.default\SOFTWARE\Microsoft\Internetexplorer\Main\
HKEY_USERS\.default\SOFTWARE\Microsoft\Internetexplorer\Main\SearchBar
HKEY_USERS\.default\SOFTWARE\Microsoft\Internetexplorer\Main\SearchPage
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\MessengerService\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Devices\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\PrintPorts\
HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\SOFTWARE\Microsoft\InternetExplorer\Main\StartPage
Reposted from: https://www.cnblogs.com/zhxfl/archive/2011/11/13/2246937.html