HIPS 自定义框架
整理:Baker 2011.8.17 特别感谢zengjian96帮我排版
对关键程序注入运行防护:
*.bat
*.cmd
*.com
*.dll
*.drv
*.exe
*.lnk
*.ocx
*.pif
*.scr
*.sys
关键文件/程序防护:
Cacls.exe
cmd.exe
command.com
cscript.exe
csrss.exel
debug.exe
diskpart.exe
format.exe
ftp.exe
对文件夹的保护:
C\WINDOWS
C\WINDOWS\system.ini
C\WINDOWS\system32
C\WINDOWS\system32
C\WINDOWS\System32\AUTOEXEC.nt
C\WINDOWS\System32\bootvrfy.exe
C\WINDOWS\system32\config
C\WINDOWS\System32\CONFIG.nt
C\WINDOWS\System32\control.ini
C\WINDOWS\system32\drivers
C\WINDOWS\system32\drivers\etc
C\WINDOWS\system32\drivers\etc
C\WINDOWS\System32\logon.exe
C\WINDOWS\System32\ntdos.sys
C\WINDOWS\system32\svchost.exe
C\WINDOWS\win.ini.
C\WINDOWS\wininit.ini
HOSTS
msconfig.exe
msh.exe
mshta.exe
net.exe
net1.exe
netsh.exe
netstat.exe
ntoskrnl.exe
ntsd.exe
ntvdm.exe
reg.exe
regedit.exe
regsvr32.exe
replace.exe
rundll32
lsass.exe
schtasks.exe
services.exe
smss.exe
svchost.exe
system.exe
taskkill.exe
tasklist.exe
telnet.exe
tftp.exe
winlogon.exe
winrar.exe
wscript.exe
注册表关键位置防护
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\polices\system\h
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explore\DisallowRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explore\NoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRunH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RistrictRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windowsnt\Currentversion\Windows\load
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\load
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\Programs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\Programs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internetexplorer\Infodelivery\Restrictions\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internetexplorer\Toolbars\Restrictions\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon\p
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Windowsupdate\
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windowsfirewall\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\j
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htafile\Shell\Open\Command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htafile\shell\open\command\d
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shell\open\command\j
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShellScrap\shell\open\command\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShellScrap\shell\open\command\v
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ActiveSetup\InstalledComponents\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Activesetup\InstalledComponents\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CodeStoreDatabase\DistributionUnits\r
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CodeStoreDatabase\DistributionUnits\V
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CommandProcessor\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CommandProcessor\V
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Extensions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\Default_Page_URL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\Default_Search_URL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\HOMEOldSP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\LocalPage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\SearchPage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\StartPage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Main\StartPage_bak
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Search\Default_Search_URL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Search\SearchAssistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internetexplorer\Toolbar\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\V
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ras\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ras\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\Advanced\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\ShareTaskScheduler\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\ShellExecuteHooks\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\ShellFolders\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explore\UserShellFolders\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\Browserhelperobjects\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserShellFolders\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explore\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Network\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\h
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\t
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\x
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellExtensions\Approved\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellExtensions\Approved\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AutoUpdate\AUOptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DriverSigning
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Accessibility\UtilityManager\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Accessibility\UtilityManager\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\GinaDLL\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\IniFileMapping\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\IniFileMapping\v
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SvcHost\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SvcHost\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SystemRestore\DisableSR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SystemRestore\DisableSR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\DefaultUserName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\DefaultUserName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GinaDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtensions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtensions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GunaDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SFCDisabale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SFCDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList\x
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Taskman
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Taskman
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UIHost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UIHost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UserInit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\UserInit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\VmApplet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\VmApplet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\WOW\boot\t
HKEY_LOCAL_MACHINE\SOFTWARE\Mirabilis\ICQ\Agent\Apps\IcqWinCfg\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\r
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windowsupdate\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windowsfirewall\t
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\t
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\Environment\ComSpec
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SessionManager\Environment\ComSpect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\r
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\Environment\ComSpec
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SessionManager\Environment\ComSpect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\Environment\ComSpec
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SessionManager\Environment\ComSpect
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvide\Order
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\r
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\ComSpec
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\ComSpect
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\Path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Environment\Path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\KnownDLLs\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\KnownDLLs\p
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\PendindFileRenameOprations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ShellHWDetection\V
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\Wds\rdpwd\StartupPrograms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalSever\Wds\rdpwd\StartupPrograms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\b
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\d
HKEY_USERS\.default\SOFTWARE\Microsoft\Internetexplorer\Main\
HKEY_USERS\.default\SOFTWARE\Microsoft\Internetexplorer\Main\SearchBar
HKEY_USERS\.default\SOFTWARE\Microsoft\Internetexplorer\Main\SearchPage
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\MessengerService\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Devices\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\PrintPorts\
HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\SOFTWARE\Microsoft\InternetExplorer\Main\StartPage
转载于:https://www.cnblogs.com/zhxfl/archive/2011/11/13/2246937.html
HIPS 自定义框架相关推荐
- 实战:基于自定义注解实现自定义框架Spring
实战:基于自定义注解实现自定义框架Spring 一.自定义注解介绍 1.1 通过反射API,可以判断一个类.接口.字段或者方法上是否有注解 Class类(java.lang包下)中提供了一些方法用于反 ...
- 不会框架不要紧,我带你自定义框架
不会框架不要紧,我带你自定义框架 前言:这标题说的有点大了,当一回标题党,之前在学JSP的时候提到了JSTL和EL表达式,由于一直钟情于Servlet,迟迟没有更新别的,这回算是跳出来了.这回放个大招 ...
- php前台可自定义框架,实现Discuz!前台DIY自定义框架比例
Discuz!建站用户应该都知道它的DIY功能,该功能主要是利用页面拖拽技术,在不编写代码的情况下实现快速布局页面.聚合调用站内数据的功能.在默认的布局框中中我们看到有多种比例,不过如果站长朋友用DI ...
- Dynamics CRM2011自定义框架解决方案
Dynamics CRM2011自定义框架解决方案 解决方案文件下载 一. 目的 许多客户习惯之前系统自定义开发的页面.操作习惯或界面风格,但使用了Dynamics CRM2011后只能使用产品自带 ...
- django基础、自定义框架
django基础 HTTP 超文本传输协议 是在应用层 如今广泛使用的是HTTP1.1 默认为80端口 5层协议: HTTP协议 应用层 TCP/UDP协议 运输层 IP 网络层 数据链路层 物理层 ...
- day50 django第一天 自定义框架
主要内容: 1.http协议 2.web框架 3.Django 1.http协议 1.1 http协议的简介 超文本传输协议(英文:Hyper Text Transfer Protocol,HTTP) ...
- php自定义框架,「php 框架」自定义php框架(篇一) - seo实验室
php 框架 老是用别人的东西,虽然一时爽,但想做深度开发,哪有自己的东西用起来方便?那我们就自己弄一个php小框架,知根知底,想怎么改就怎么改,岂不爽哉? 如图,mvc即框架名,旗下包含7个文件夹, ...
- php mvc自定义框架视频教程,基于PHP面向对象的自定义MVC框架高级项目开发视频教程...
├ │ ├01-温故而知新.wmv │ ├02-验证码技术介绍.wmv │ ├03-GD处理图像的基本步骤.wmv │ ├04-画布操作基本步骤-补充.wmv │ ├05-仿制ecshop验 ...
- socket自定义框架
socket代码 import socket server_sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_sk.bind( ...
最新文章
- 卷积神经网络CNN——图像卷积与反卷积(后卷积,转置卷积)
- python查看工作目录_闲话python-36:文件系统操作
- 1.2 检测和测量图像中的圆形目标
- 关于 PHP 5.4 你所需要知道的
- Java中如何引用文档对象模型_在JAVA中使用文档对象模型DOM经验小结
- 双网卡主机配置oracle监听,VirtualBox设置双网卡实现虚机上网及主宿机互访
- 顺风车订单已结束仍在录音 嘀嗒出行回应录音机制
- 妙用Python内置函数int()快速计算等比数列前n项和
- Rust 越来越香了!AWS 雇佣 Rust 编译器团队负责人 Felix Klock
- 黑马程序员-OC-内存管理(非ARC模式下)
- python 在window 系统 连接并操作远程 oracle 数据库
- Python编程入门教程
- 基于matpower的电力系统潮流计算matlab程序
- 机器学习CS229极简的6张速查表
- SQL查询语句大全(个人总结)
- rs232接口_各类PLC都支持RS232和485通讯,原理和方法普及一下
- 易语言制作的QQ聊天中常用的GIF图片【带源码下载】
- 深入理解Arduino下的ESP8266_Non-OS_SDK API① Non-OS SDK
- 微信公众号服务器配置但没有回调,微信公众号 “服务器配置” 踩坑记
- imx8mq-evk快速启动-方案讨论,准备工作