PC World 2008 September

home *** CD-ROM | disk | FTP | other *** search

/ PC World 2008 September / PCWorld_2008-09_cd.bin / system / regrun / regruns.exe / regruns580.exe / {app} / startup.rbm < prev next >

Wrap

Text File | 2004-10-10 | 10KB | 176 lines

@#$Node 0 Internet Explorer @#$Key 1 Internet Explorer Start Page HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page IE home page. @#$Key 1 Browser Helper Objects HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Browser Helper Objects are the COM componentsùthat Internet Explorer will load each time it starts up. For example, a BHO could spy all browser events, access the browser's menu and toolbar and make changes, create windows to display additional information, etc. There are no default objects. @#$Key 1 Internet Explorer Styles HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles User can set own style sheet file for Internet Explorer. May be used by a virus. Value: User Stylesheet REG_SZ Empty. It contains the full path to user style file. Use My Stylesheet REG_DWORD 1 - use. 0 - do not use user stylesheet. @#$Key 1 Distribution Units HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Code Store Database\Distribution Units Internet software distribution units are packages consisting of a cabinet file (.cab) that contains an INF file and/or an Open Software Description (OSD) file, with or without a software component. One or more distribution units may be needed to distribute a single software component. The software provider or Web master, can create distribution units that, when placed on your Web server, enable the MicrosoftR Internet Explorer Internet Component Download services to pull down and install software on users' computers. @#$Node 0 Shell @#$Key 1 ShellExecuteHooks HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks The ShellExecuteHooks registry key contains the list of COM objects that trap execute commands. Each object has the GUID. By default you must have the "shell32.dll". If you don't see sheel32.dll GUID "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" it is not fatal. Your computer will work. @#$Key 1 ShellServiceObjectDelayLoad HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad The ShellServiceObject DelayLoad key is used to automatically load DLL, required for Explorer. This key is used by the new generation of the viruses. Usually, this key contains: CDBurn, PostBootReminder, SysTray, WebCheck items. But these items are not required for normal processing . @#$Key 1 SharedTaskScheduler HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler Contains the list of GUIDs corresponded to the COM components. Good GUIDs for Windows XP: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Windows Browseui {8C7461EF-2B13-11d2-BE35-3078302C2030} - Cache daemon. Virus example: {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - c:\windows\system32\mtwirl32.dll @#$Node 0 System @#$Key 1 VxD List HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD "VxD" stands for Virtual "something" Device, where 'x' stands for "something". Microsoft often names drivers according to this convention, thus "VKD" is the Virtual Keyboard Device. VxDs are loaded into the protected (ring-0) operating system address space, and have full access to the system hardware. Static VxD are loaded automatically at Windows startup. Please, do not change required VxD. @#$Key 1 System Services HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services List of the services. @#$Key 1 WinSock2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2 It contains the list of DLL in the Winsock2 stack. Do not change this key manually using regedit. It will cause the system crash. Do not delete the Microsoft DLLs: mswsock.dll, winrnr.dll, rsvpsp.dll. Use RegRun Recovering Winsock feature top remove useless components. @#$Key 1 BootExecute HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute BootExecute is configured to execute programs on the Kernel phase boot. Usually it is used to check disks. Default: autocheck autochk *. @#$Key 1 IniFileMapping for win.ini HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini This key is used to map file sections to the registry keys. @#$Key 1 IniFileMapping system.ini HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini This key is used to map file sections to the registry keys. @#$Key 1 AppInit_DLLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs All of the DLLs specified in the AppInit_DLLs value are loaded by each Windows-based application running within the current logon session. Only the first 32 characters of the AppInit_DLLs value are picked up by the system. Default: no items. @#$Key 1 User Shell Folders HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders The User Shell Folders subkey stores the paths to Windows Explorer folders for the current user of the computer. Note The entries in this subkey can appear in both the Shell Folders subkey and the User Shell Folders and in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. The entries that appear in user User Shell Folders take precedence over those in Shell Folders. The entries that appear in HKEY_CURRENT_USER take precedence over those in HKEY_LOCAL_MACHINE. @#$Key 1 Shell Folders Startup HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup Windows 2000/XP does not use this subkey. The subkey remains in the registry to support programs designed for Windows NT 4.0 or earlier. Note Paths to the Windows Explorer folders are stored in the User Shell Folders subkey. For more information about shell folders, see Software Development Kit (SDK) information in the MSDN Library link on the Web Resources page. @#$Key 1 Active Setup Installed Components HKEY_LOCAL_MACHINE\\Software\Microsoft\Active Setup\Installed Components Active Setup registry key is used to store information about installed software components. First, it was used with Internet Explorer installation. Today it contains information about installed Windows components. If a subkey contains StubPath value, the component may execute any program stored in the StubPath value. Usually this component sets IsInstalled value to 1, to prevent launching it in the future. But any program can use "Active Setup" to run a program. Pay attention to StubPath value. An easy way to manage Active Setup is the "Windows Core Components". Launch RegRun Start Control and choose Feature menu, Windows Core Components. This feature allows you to pause or delete unwanted Active Setup items. @#$Key 1 Svchost HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging. @#$Key 1 Winlogon System HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System The programs listed in the value launch in the protected system context. @#$Key 1 Winlogon Taskman HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\TaskMan Specifies the task manager that the system uses during logon. @#$Key 1 Winlogon VMApplet HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VMApplet Specifies programs that Winlogon runs for the user so that the user can adjust the configuration of virtual memory when there is no paging file on the system volume. These programs run only when the system volume does not include a paging file. @#$Key 1 Winlogon Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify Winlogon loads any notification packages listed in this key. Each package uses own subkey under Notify key. The DllName value(REG_EXPAND_SZ) contains the DLL file name. @#$Key 1 HKLM Policies System HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System The System subkey stores the entries created when you configure a Group Policy that affects a basic component of Windows. Group Policy creates and maintains the entries in this subkey, and the component program reads and interprets them. @#$Node 0 Desktop @#$Key 1 SCRNSAVE.EXE HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE Current screen saver. May be empty if the screen saver is not set. @#$Node 0 Run @#$Key 1 HKLM RunOnceEx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx Since Windows 98 (and Windows 2000) this key is used for run applications at Windows startup. The syntax and format used for these keys is different from the RunOnce and Run keys. The RunEx key can have Flags value that used to set processing options. Title value is used to display it during processing. The list of auto start programs are stored in the sub-keys. You can find the full information in RegRun's help manual. Refer to Start Control, RunEx folder. @#$Key 1 HKCU RunOnceEx HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx Since Windows 98 (and Windows 2000) this key is used for run applications at Windows startup. The syntax and format used for these keys is different from the RunOnce and Run keys. The RunEx key can have Flags value that used to set processing options. Title value is used to display it during processing. The list of auto start programs are stored in the sub-keys. You can find the full information in RegRun's help manual. Refer to Start Control, RunEx folder.