zoukankan      html  css  js  c++  java

  • HIPS 自定义框架

    整理:Baker  2011.8.17  特别感谢zengjian96帮我排版

    对关键程序注入运行防护:

    *.bat

    *.cmd

    *.com

    *.dll

    *.drv

    *.exe

    *.lnk

    *.ocx

    *.pif

    *.scr

    *.sys

    关键文件/程序防护:

    Cacls.exe

    cmd.exe

    command.com

    cscript.exe

    csrss.exel

    debug.exe

    diskpart.exe

    format.exe

    ftp.exe

    对文件夹的保护:

    C\WINDOWS

    C\WINDOWS\system.ini

    C\WINDOWS\system32

    C\WINDOWS\system32

    C\WINDOWS\System32\AUTOEXEC.nt

    C\WINDOWS\System32\bootvrfy.exe

    C\WINDOWS\system32\config

    C\WINDOWS\System32\CONFIG.nt

    C\WINDOWS\System32\control.ini

    C\WINDOWS\system32\drivers

    C\WINDOWS\system32\drivers\etc

    C\WINDOWS\system32\drivers\etc

    C\WINDOWS\System32\logon.exe

    C\WINDOWS\System32\ntdos.sys

    C\WINDOWS\system32\svchost.exe

    C\WINDOWS\win.ini.

    C\WINDOWS\wininit.ini

    HOSTS

    msconfig.exe

    msh.exe

    mshta.exe

    net.exe

    net1.exe

    netsh.exe

    netstat.exe

    ntoskrnl.exe

    ntsd.exe

    ntvdm.exe

    reg.exe

    regedit.exe

    regsvr32.exe

    replace.exe

    rundll32

    lsass.exe

    schtasks.exe

    services.exe

    smss.exe

    svchost.exe

    system.exe

    taskkill.exe

    tasklist.exe

    telnet.exe

    tftp.exe

    winlogon.exe

    winrar.exe

    wscript.exe

    注册表关键位置防护

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\polices\system\h

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explore\DisallowRun

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explore\NoRun

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRunH

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RistrictRun

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windowsnt\Currentversion\Windows\load

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\load

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\Programs

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\Programs

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\run

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\

    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internetexplorer\Infodelivery\Restrictions\

    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internetexplorer\Toolbars\Restrictions\

    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\

    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\

    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff\

    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff\

    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon\

    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon\p

    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Windowsupdate\

    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windowsfirewall\

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\d

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\d

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\d

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command\

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command\d

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\j

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\d

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htafile\Shell\Open\Command\

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htafile\shell\open\command\d

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command\

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command\j

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShellScrap\shell\open\command\

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShellScrap\shell\open\command\v

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ActiveSetup\InstalledComponents\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Activesetup\InstalledComponents\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CodeStoreDatabase\DistributionUnits\r

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CodeStoreDatabase\DistributionUnits\V

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CommandProcessor\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CommandProcessor\V

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Extensions\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\Default_Page_URL

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\Default_Search_URL

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\HOMEOldSP

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\LocalPage

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\SearchPage

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\StartPage

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\StartPage_bak

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Search\CustomizeSearch

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Search\Default_Search_URL

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Search\SearchAssistant

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Toolbar\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\V

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ras\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ras\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\Advanced\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\ShareTaskScheduler\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\ShellExecuteHooks\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\ShellFolders\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\UserShellFolders\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Browserhelperobjects\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserShellFolders\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explore\Run\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\h

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\t

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\x

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellExtensions\Approved\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellExtensions\Approved\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AutoUpdate\AUOptions

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DriverSigning

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Accessibility\UtilityManager\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Accessibility\UtilityManager\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\GinaDLL\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\IniFileMapping\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\IniFileMapping\v

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SvcHost\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SvcHost\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SystemRestore\DisableSR

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SystemRestore\DisableSR

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\AppInit_DLLs

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\AppInit_DLLs

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\DefaultUserName

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\DefaultUserName

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GinaDLL

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtensions\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtensions\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GunaDLL

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SFCDisabale

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SFCDisable

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList\

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList\x

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\System

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\System

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Taskman

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Taskman

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UIHost

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UIHost

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UserInit

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UserInit

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\VmApplet

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\VmApplet

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\WOW\boot\t

    HKEY_LOCAL_MACHINE\SOFTWARE\Mirabilis\ICQ\Agent\Apps\IcqWinCfg\

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\r

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windowsupdate\

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windowsfirewall\t

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\t

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\BootExecute

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\BootExecute

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\Environment\ComSpec

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\Environment\ComSpect

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\r

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\BootExecute

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\BootExecute

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\Environment\ComSpec

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\Environment\ComSpect

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\BootExecute

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\BootExecute

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\Environment\ComSpec

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\Environment\ComSpect

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvide\Order

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\r

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\BootExecute

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\BootExecute

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\ComSpec

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\ComSpect

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\Path

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\Path

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\KnownDLLs\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\KnownDLLs\p

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\PendindFileRenameOprations

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ShellHWDetection\V

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\Wds\rdpwd\StartupPrograms

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalSever\Wds\rdpwd\StartupPrograms

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\b

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\d

    HKEY_USERS\.default\SOFTWARE\Microsoft\Internetexplorer\Main\

    HKEY_USERS\.default\SOFTWARE\Microsoft\Internetexplorer\Main\SearchBar

    HKEY_USERS\.default\SOFTWARE\Microsoft\Internetexplorer\Main\SearchPage

    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\MessengerService\

    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\

    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Devices\

    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\PrintPorts\

    HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\SOFTWARE\Microsoft\InternetExplorer\Main\StartPage
  • 相关阅读:
    [LeetCode] 1081. Smallest Subsequence of Distinct Characters 不同字符的最小子序列
    [LeetCode] 1080. Insufficient Nodes in Root to Leaf Paths 根到叶路径上的不足节点
    [LeetCode] 1079. Letter Tile Possibilities 活字印刷
    [LeetCode] 1078. Occurrences After Bigram 双元语法分词
    [LeetCode] 1074. Number of Submatrices That Sum to Target 元素和为目标值的子矩阵数量
    [LeetCode] 1073. Adding Two Negabinary Numbers 负二进制数相加
    [LeetCode] 1072. Flip Columns For Maximum Number of Equal Rows 按列翻转得到最大值等行数
    [LeetCode] 1071. Greatest Common Divisor of Strings 字符串的最大公因子
    [LeetCode] 1054. Distant Barcodes 距离相等的条形码
    [LeetCode] 1053. Previous Permutation With One Swap 交换一次的先前全排列
  • 原文地址:https://www.cnblogs.com/zhxfl/p/2246937.html
Copyright © 2011-2022 走看看