Investigating the antivirus itself... since it reports which registry paths it protects...
I don't know if they'll be useful, but since I haven't seen them published... I know they'll be useful to more than one person, since this way you can get around the traditional
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"
xD
Here are the registry paths
HKEY_CLASSES_ROOT\*file\shell\open\command *
HKEY_CLASSES_ROOT\*file\shell\runas\command *
*\Software\Microsoft\Windows NT\CurrentVersion\AEDebug (Key=Debugger)
*\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (Key=Shell)
*\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (Key=UserInit)
HKLM\SYSTEM\ControlSet???\Control\SafeBoot\Network\*\Parameters (Key=ServiceDll)
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\* (Key=DllName)
*\Software\Microsoft\Windows*\CurrentVersion\Run* *
HKCU\Software\Mirabilis\ICQ\Agent\Apps *
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ICQ* (Key=Path)
HKLM\Software\Microsoft\Active Setup\Installed Components\* (Key=StubPath)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WOW\BOOT *
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WOW\NonWindowsApp *
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WOW\Standard *
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers *
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 *
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows (Key=AppInit_DLLs)
*\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad *
HKLM\system\currentcontrolset\control\Session Manager (Key=BootExecute)
HKLM\SOFTWARE\Microsoft\VBA\Monitors\* (Key=CLSID)
*\Control Panel\Desktop (Key=SCRNSAVE.EXE "I have no idea about this one xD")
*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler *
*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks *
*\Software\Policies\Microsoft\Windows\System\Scripts\* *
*\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries *
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (Key=Taskman)
*\Software\Microsoft\Windows\CurrentVersion\Policies\System (Key=Shell)
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved *
*\Software\Microsoft\Command Processor (Key=AutoRun)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe *
HKLM\System\CurrentControlSet\Control\MPRServices\* (Key=DLLName)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders (Key=Common Startup)
HKEY_USERS\*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders (Key=Startup)
HKLM\SYSTEM\ControlSet???\Control\Session Manager\Environment (Key=ComSpec)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (Key=GinaDLL)
HKLM\SYSTEM\ControlSet???\Control\BootVerificationProgram (Key=ImagePath)
HKLM\SYSTEM\ControlSet???\Control\VirtualDeviceDrivers (Key=VDD)
HKLM\SYSTEM\ControlSet???\Control\SafeBoot (Key=AlternateShell)
HKLM\SYSTEM\ControlSet???\Control\SafeBoot\Minimal\* (Key=ImagePath)
HKLM\SYSTEM\ControlSet???\Control\SafeBoot\Network\* (Key=ImagePath)
HKLM\SYSTEM\ControlSet???\Control\SafeBoot\Minimal\*\Parameters (Key=ServiceDll)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (Key=load)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (Key=run)
ERRATA = where it says "KEY" it should say "VALUE"; I made a mistake when I was finishing up
Hopefully it will be of some use
and my contribution won't be in vain xDD
Regards
47
with mutilated fingers xDDD
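For monitoring, the list in the post can be turned into a watchlist. The following is an added example, not part of the original post or of the antivirus: it parses a few entries in the post's notation and checks constructed registry-write paths against them. It assumes each event gives the full key path with the value name as the last component and that a trailing ` *` means any value; the `ControlSet000` placeholder and all function names are hypothetical.

```python
import re

# A few entries from the list above, in the post's notation (subset chosen here).
ENTRIES = r"""
*\Software\Microsoft\Windows NT\CurrentVersion\Winlogon (Clave=Shell)
*\Software\Microsoft\Windows*\CurrentVersion\Run* *
HKLM\SYSTEM\ControlSet???\Control\SafeBoot (Clave=AlternateShell)
*\Software\Microsoft\Command Processor (Clave=AutoRun)
""".strip().splitlines()

def glob_to_regex(glob):
    # "*" = any run of characters (may span "\"), "?" = exactly one character.
    return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in glob)

def parse_entry(line):
    """Split one list entry into (key glob, value-name glob)."""
    m = re.fullmatch(r"(.+?) \((?:Clave|Key)=(.+)\)", line)
    if m:
        return m.group(1), m.group(2)
    # Assumption: a trailing " *" means "any value under this key".
    return (line[:-2] if line.endswith(" *") else line), "*"

def compile_watchlist(lines):
    rules = []
    for line in lines:
        key, value = parse_entry(line)
        pattern = glob_to_regex(key) + r"\\" + glob_to_regex(value)
        rules.append((line, re.compile(pattern, re.IGNORECASE)))  # registry paths ignore case
    return rules

def normalize(path):
    # CurrentControlSet is a link to one ControlSetNNN, so a literal "ControlSet???"
    # pattern misses writes made through it. Map it to a placeholder number (hypothetical).
    return re.sub(r"\\CurrentControlSet\\", r"\\ControlSet000\\", path, flags=re.IGNORECASE)

def match_event(rules, target):
    """Return the list entries that cover one registry-write path (key\\value)."""
    return [line for line, rx in rules if rx.fullmatch(normalize(target))]

# Constructed sample events: full key path with the value name as last component.
EVENTS = [
    r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\RunOnce\upd",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
    r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName",
]

if __name__ == "__main__":
    rules = compile_watchlist(ENTRIES)
    for ev in EVENTS:
        print(ev, "->", match_event(rules, ev) or "no match")
```

The third event only matches because of `normalize`: the `ControlSet???` pattern taken literally does not cover a write made through `CurrentControlSet`.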