对安全有威胁的注册表位置WINDOWS自动启动键值详解.docx

资源描述

对安全有威胁的注册表位置WINDOWS自动启动键值详解.docx

《对安全有威胁的注册表位置WINDOWS自动启动键值详解.docx》由会员分享，可在线阅读，更多相关《对安全有威胁的注册表位置WINDOWS自动启动键值详解.docx（13页珍藏版）》请在冰豆网上搜索。

对安全有威胁的注册表位置WINDOWS自动启动键值详解.docx

对安全有威胁的注册表位置WINDOWS自动启动键值详解

贴出（规则支持通配符*），供大家参考：

自动运行

-------------------------

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run***

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run***

HKEY_LOCAL_MACHINE\System\*controlset*\Control\Session managerBootExecute

HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windowsload

HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windowsrun

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer\Run*

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer\Run*

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts*

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Shell foldersStartup

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Runonce*

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonce*

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonceex*

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runservices*

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shell foldersCommon Startup

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\User shell foldersCommon Startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\User shell foldersStartup

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Inifilemapping**

驱动/服务相关

----------------------------

HKEY_LOCAL_MACHINE\System\*controlset*\Services\*

HKEY_LOCAL_MACHINE\System\*controlset*\Services\*imagepath

HKEY_LOCAL_MACHINE\System\*controlset*\Control\Safeboot***

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Shellserviceobjectdelayload**

文件关联

-------------------------

HKEY_CLASSES_ROOT\Exefile\Shell\Open\Command*

HKEY_CLASSES_ROOT\Comfile\Shell\Open\Command*

HKEY_CLASSES_ROOT\Batfile\Shell\Open\Command*

HKEY_CLASSES_ROOT\Piffile\Shell\Open\Command*

HKEY_CLASSES_ROOT\.bat*

HKEY_CLASSES_ROOT\.cmd*

HKEY_CLASSES_ROOT\.exe*

HKEY_CLASSES_ROOT\.txt*

HKEY_CLASSES_ROOT\.pif*

HKEY_CLASSES_ROOT\Txtfile\Shell\Open\Command*

HKEY_CLASSES_ROOT\.com*

HKEY_CLASSES_ROOT\Comfile*

HKEY_CLASSES_ROOT\.reg*

HKEY_CLASSES_ROOT\Regfile\Shell\Open\Command*

HKEY_CLASSES_ROOT\.inf*

HKEY_CLASSES_ROOT\Inffile\Shell\Open\Command*

HKEY_CLASSES_ROOT\.hlp*

HKEY_CLASSES_ROOT\Hlpfile\Shell\Open\Command*

HKEY_CLASSES_ROOT\.chm*

HKEY_CLASSES_ROOT\Chm.file\Shell\Open\Command*

网络保护

-----------------------

HKEY_LOCAL_MACHINE\System\*controlset*\Services\Winsock2***

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Network*

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Network*

HKEY_LOCAL_MACHINE\System\*controlset*\Services\Tcpip\ParametersDataBasePath

HKEY_LOCAL_MACHINE\System\*controlset*\Services\Tcpip\Parameters\Interfaces***

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windowsupdate**

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windowsfirewall***

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windowsupdate**

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windowsfirewall***

HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Sharedaccess\Parameters\Firewallpolicy*

特殊注册表项目

-----------------------

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\WindowsAppInit_DLLs

HKEY_LOCAL_MACHINE\System\*controlset*\Control\Session manager*FileRenameOpe...

HKEY_CURRENT_USER\Control panel\Don';t load*

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Control panel\Don';t load*

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\System*

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\System*

HKEY_CURRENT_USER\Control panel\Desktopscrnsave.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Image file execution options***

HKEY_LOCAL_MACHINE\Software\Microsoft\Security center*

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\Codeidentifiers\0\Paths*

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shellexecutehooks**

HKEY_CURRENT_USER\Software\Microsoft\Command processorAutorun

HKEY_LOCAL_MACHINE\Software\Microsoft\Command processorAutoRun

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies*

HKEY_CLASSES_ROOT\Clsid\{e6fb5e20-de35-11cf-9c87-00aa005127ed}*

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Winlogon\Notify**

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Sharedtaskscheduler**

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Svchost**

浏览器保护

-------------------

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Extensions** *

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Extensions** *

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Menuext *

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Toolbar *

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Browser helper objects* *

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\styles stylesheet

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet explorer\Toolbars\Restrictions *

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet explorer\Infodelivery\Restrictions *

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main Start Page

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main Default_Page_U...

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main Local Page

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main Start Page_bak

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main HOMEOldSP

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main Search Page

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Main Default_Search_...

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main Start Page

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main Default_Page_U...

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main Local Page

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main Start Page_bak

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main HOMEOldSP

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main Search Bar

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\MainUse Custom Sea...

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\MainSearch Page

HKEY_USERS\.default\Software\Microsoft\Internet explorer\MainSearch Page

HKEY_USERS\.default\Software\Microsoft\Internet explorer\MainSearch Bar

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\SearchCustomizeSearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\SearchSearchAssistant

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\SearchDefault_Search_...

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Internet settings\Zonemap\Ranges***

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settings\Zonemap\Ranges***

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settingsMinLevel

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settingsSafety Warning L...

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settingsTrust Warning Le...

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settingsSecurity_RunActiv...

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet settingsSecurity_RunScri...

HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Internet settingsMinLevel

HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Internet settingsSafety Warning L...

HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Internet settingsSecurity_RunActiv...

HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Internet settingsSecurity_RunScri...

HKEY_USERS\.default\Software\Microsoft\Windows\Currentversion\Internet settingsTrust Warning Le...

HKEY_CLASSES_ROOT\Protocols\Filter***

HKEY_CLASSES_ROOT\Protocols\Handler***

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Searchurl** *

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Urlsearchhooks** *

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Advancedoptions *

HKEY_LOCAL_MACHINE\Software\Microsoft\Active setup\Installed components* *

HKEY_LOCAL_MACHINE\Software\Microsoft\Code store database\Distribution units* *

流氓及恶意程序保护

------------------------------------

HKEY_CLASSES_ROOT\Cns**

HKEY_CURRENT_USER\Software\3721 *

HKEY_LOCAL_MACHINE\Software\3721 *

HKEY_LOCAL_MACHINE\Software\Classes\Cns* *

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run\Helper.dll*

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Menuext\!

搜一搜 *

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Advancedoptions\!

cns*

HKEY_LOCAL_MACHINE\System\Controlset*\Enum\Root\Legacy_cnsmink*

HKEY_LOCAL_MACHINE\System\Controlset*\Services\Cnsminkp *

HKEY_CLASSES_ROOT\Assist* *

HKEY_CLASSES_ROOT\Autolive* *

HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main\Cns* *

HKEY_CLASSES_ROOT\Adkiller* *

HKEY_LOCAL_MACHINE\Software\Classes\Adkiller**

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet explorer\Activex compatibility\{1b0e7716-898e-4...*

HKEY_CLASSES_ROOT\Coolbar**

HKEY_LOCAL_MACHINE\Software\Classes\Coolbar* *

HKEY_CURRENT_USER\Software\Yahoo*

HKEY_LOCAL_MACHINE\Software\Yahoo*

HKEY_CLASSES_ROOT\Zschkfile*

HKEY_CLASSES_ROOT\Ebay**

HKEY_USERS\S-1-5-**\Software\Microsoft\Internet explorer\Menuext\*ebay**

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run\Ebay* *

HKEY_CLASSES_ROOT\Applications\Pig* *

HKEY_LOCAL_MACHINE\Software\Classes\Applications\Pig**

HKEY_LOCAL_MACHINE\Software\Miranda *

HKEY_USERS\S-1-5-*\So

展开阅读全文