Registry defense locations
*\Software\Microsoft\Windows\CurrentVersion\Explorer\UserShellFolders\CommonStartup*
*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run*
*\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell\*
*\Software\Microsoft\Windows\CurrentVersion\Run*
*\Software\Microsoft\Windows\CurrentVersion\Runonce*
*\Software\Microsoft\Windows\CurrentVersion\Runservices*
*\Software\Microsoft\InternetExplorer\URLSearchHooks\*
*\Software\Policies\Microsoft\Windows\System\Scripts*
HKLM\System\*ControlSet*\Control\WOW\*
HKLM\System\*ControlSet*\Control\SessionManager\BootExecute*
HKLM\System\*ControlSet*\Control\SessionManager\PendingFileRenameOperations*
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries*
HKLM\System\CurrentControlSet\Control\Lsa\AuthenticationPackages*
HKLM\System\CurrentControlSet\Control\Lsa\NotificationPackages*
HKLM\System\CurrentControlSet\Control\Lsa\SecurityPackages*
HKLM\System\CurrentControlSet\Control\NetworkProvider\Order*
HKLM\System\CurrentControlSet\Control\Print\Monitors*
HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders*
HKLM\System\CurrentControlSet\Control\SessionManager\KnownDlls*
HKLM\System\CurrentControlSet\Services*
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\*
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Accessibility\UtilityManager\*
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows\AppInit_DLLs*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects\*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers*
HKLM\Software\Microsoft\InternetExplorer\Extensions*
HKLM\Software\Microsoft\ActiveSetup\InstalledComponents*
HKLM\Software\Wow6432Node\Microsoft\WindowsNT\CurrentVersion\Windows\AppInit_DLLs*
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers*
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers*
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers*
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers*
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers*
HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers*
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers*
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers*
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers*
HKLM\Software\Classes\Protocols\Filter*
HKLM\Software\Classes\Protocols\Handler*
HKCU\ControlPanel\Desktop\SCRNSAVE.EXE
HKCU\Software\Microsoft\InternetExplorer\UrlSearchHooks*
Service and driver loading:
HKLM\System\*ControlSet*\Services\*
HKLM\System\*ControlSet*\Control\SafeBoot\*
HKLM\System\*ControlSet*\Control\BackupRestore\*
HKLM\System\*ControlSet*\Control\ComputerName\*
HKLM\System\*ControlSet*\Control\GroupOrderList\*
HKLM\System\*ControlSet*\Control\Lsa\*
HKLM\System\*ControlSet*\Control\MprServices\*
HKLM\System\*ControlSet*\Control\Print\Monitors\*
HKLM\System\*ControlSet*\Control\ServiceGroupOrder\*
HKLM\System\*ControlSet*\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\*
HKLM\Software\Microsoft\Ole*
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad*
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Svchost\*
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Drivers\*
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Drivers32\*
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WOW\boot\*
File associations, default icons, etc.:
HKCR\.*\*
HKCR\Shell*
HKCR\Comfile*
HKCR\Folder\Shell*
HKCR\Directory\Shell*
HKCR\Unknown\Shell*
HKCR\?\Shell\*
HKCR\*\ShellNew*
HKCR\*\Shell\*\Command*
HKCR\*\NeverShowExt
HKCR\*\AlwaysShowExt
*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\*
HKCR\CLSID\{7EFFAAFF-EA0A-1A3A-CBCD-F13522D53649}\InProcServer32\*
USB drive viruses and autorun:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\*\Shell\*
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun*
Other important entries:
*\Software\Microsoft\DriverSigning\Policy* [controls whether driver signature verification is performed]
*\Software\Policies\* [stores security policy settings]
HKUS\*\Environment\Path [environment variable]
HKUS\*\ControlPanel\Desktop\SCRNSAVE.EXE [screen saver entry]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\* [stores the list of programs in scheduled tasks]
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\AeDebug\* [image hijacking]
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecution\* [image hijacking]
HKLM\Software\Classes\Protocols\Filter\* [network protocols]
HKLM\Software\Classes\Protocols\Handler\* [network protocols]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIcons* [system icons]
*\Software\Classes\*file\DefaultIcon [system icons]
*\Software\Classes\CLSID\*\DefaultIcon [system icons]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\*\DefaultIcon [system icons]
Network-related:
HKLM\System\*ControlSet*\Services\Winsock2\*
HKLM\System\*ControlSet*\Services\Tcpip\Parameters\DataBasePath
HKLM\System\*ControlSet*\Services\Tcpip\Parameters\Interfaces\*
HKLM\System\*ControlSet*\Control\SessionManager\UserAgent*
HKLM\Software\Microsoft\Ras*
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Network\*
HKLM\Software\Microsoft\Windows\CurrentVersion\InternetSettings\UserAgent\PostPlatform\*
Detailed security policies:
HKCU\ControlPanel\Desktop\*
HKCU\Software\Policies\Microsoft\*
HKCU\Software\Microsoft\InternetExplorer\Desktop\General\Wallpaper
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnforceShellExtensionSecurity
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hid*
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\No*
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Documents\HideMyDocsFolder
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\IncludeSubFolders
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Search*
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\*
HKCU\Software\Microsoft\WindowsNT\CurrentVersion\SystemRestore\*
HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Windows\Open
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\*
HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache\*
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\*
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\*
HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\*
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\WindowsUpdate\*
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\SystemRestore\DisableSR
HKLM\Software\Policies\Microsoft\Windows\*
HKLM\System\ControlSet??\Services\Sharedaccess\Parameters\FirewallPolicy\*
HKLM\System\CurrentControlSet\Services\Sharedaccess\Parameters\FirewallPolicy\*
*\Software\Microsoft\SecurityCenter\*
*\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced*
*\Software\Microsoft\Windows\CurrentVersion\GroupPolicyObjects\*
*\Software\Microsoft\Windows\CurrentVersion\Policies\System\*
Internet Explorer:
*\Software\Microsoft\InternetDomains\*
*\Software\Microsoft\InternetExplorer\Main\Default_Page_URL
*\Software\Microsoft\InternetExplorer\Main\Default_Search_URL
*\Software\Microsoft\InternetExplorer\Main\EnableBrowserExtensions
*\Software\Microsoft\InternetExplorer\Main\FirstHomePage
*\Software\Microsoft\InternetExplorer\Main\HOMEOldSP
*\Software\Microsoft\InternetExplorer\Main\LocalPage
*\Software\Microsoft\InternetExplorer\Main\StartPage
*\Software\Microsoft\InternetExplorer\Main\StartPage_bak
*\Software\Microsoft\InternetExplorer\Main\UseCustomSearchURL
*\Software\Microsoft\InternetExplorer\Main\WindowTitle
*\Software\Microsoft\InternetExplorer\Main\FeatureControl\*
*\Software\Microsoft\InternetExplorer\Main\Search*
*\Software\Microsoft\InternetExplorer\AboutURLs\*
*\Software\Microsoft\InternetExplorer\ActivexCompatibility\*
*\Software\Microsoft\InternetExplorer\AdvancedOptions\*
*\Software\Microsoft\InternetExplorer\Desktop\Components\*
*\Software\Microsoft\InternetExplorer\ExplorerBars\*
*\Software\Microsoft\InternetExplorer\Extensions\*
*\Software\Microsoft\InternetExplorer\MenuExt\*
*\Software\Microsoft\InternetExplorer\Plugins\*
*\Software\Microsoft\InternetExplorer\Search\*
*\Software\Microsoft\InternetExplorer\SearchUrl*
*\Software\Microsoft\InternetExplorer\Styles\*
*\Software\Microsoft\InternetExplorer\Toolbar\*
*\Software\Microsoft\InternetExplorer\UrlSearchHooks\*
*\Software\Microsoft\Windows\CurrentV