Entri-entri registri windows yang sering dipergunakan untuk menjalankan program secara otomatis ketika Windows di nyalakan. hal ini sering digunakan oleh beberapa program untuk menjalankan programnya sercara otomatis (autorun) maupun oleh virus-virus pada umumnya. HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Run HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks HKCU\SOFTWARE\Microsoft\Command Processor\Autorun HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit HKLM\System\CurrentControlSet\Services HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects HKLM\Software\Microsoft\Internet Explorer\Toolbar HKLM\Software\Microsoft\Internet Explorer\Extensions HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKLM\SOFTWARE\Microsoft\Command Processor\Autorun HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 Jadi, waspadalah! |
0 comments:
Posting Komentar