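[Password] How the system handles the registry when Syskey is enabled
Syskey serves as the system's first layer of password protection, and once it is enabled it cannot be turned off. Some say Syskey can be turned off by importing an earlier copy of the registry, or by overwriting the SAM in Config with the SAM file from the Repair folder. These methods are circulating online; I have not tried them.
I used RegSnap to compare the registry before enabling Syskey with the registry after enabling it. The results are as follows: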
已删除键: 6
已修改键: 42
新建键 : 32
已删除键
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\@
键值: <值未设置>
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\@
键值: <值未设置>
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\4\1\0\0
键值: 类型: REG_BINARY 长度: 54 字节
34 00 31 00 00 00 00 00 F4 32 D1 0D 10 00 44 41 | 4.1......2....DA
54 41 00 00 20 00 03 00 04 00 EF BE 8B 33 39 15 | TA.. ........39.
8A 33 00 80 14 00 00 00 44 00 61 00 74 00 61 00 | .3......D.a.t.a.
00 00 14 00 00 00 | ......
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\4\1\0\0\MRUListEx
键值: 类型: REG_BINARY 长度: 4 字节
FF FF FF FF | ....
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\4\1\0\0\NodeSlot
键值: DWORD: 316 (0x13c)
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Vitas\RegSnap\estimReg\@
键值: <值未设置>
--------------
位置总数: 6
已修改键
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\F
新建键
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\a
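In addition, RegSnap failed to process the following values:
SAC subkey, parent key is secrets
SAI subkey, parent key is secrets
SCM:{C36729C6-65CB-4A6F-8B96-53FF94E3A8D2}, parent key is secrets
SCM:{D0362CF9-9DAC-4898-8D1A-CC11034B1B68}, parent key is secrets
SCM:{D1362CF9-9DAC-4898-8D1A-CC11034B1B68}, parent key is secrets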
Old value: 类型: REG_BINARY 长度: 240 字节
02 00 01 00 00 00 00 00 00 95 C0 DA FB D9 C5 01 | ................
2E 00 00 00 00 00 00 00 00 00 00 00 40 DE FF FF | ............@...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 | ................
00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF | ................
00 00 00 00 00 00 00 00 F1 03 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 | ................
01 00 00 00 01 00 01 00 01 00 00 00 38 00 00 00 | ............8...
81 60 6A 3C 3D C7 F6 68 83 06 42 E9 7D B6 6E F5 | .`j<=..h..B.}.n.
24 39 A1 FB 9D B0 62 C2 36 8E 38 C5 BF 0B C3 65 | $9....b.6.8....e
91 26 79 B0 1E 31 73 73 68 A8 75 11 AB 92 BD 43 | .&y..1ssh.u....C
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 | ................
New value: 类型: REG_BINARY 长度: 240 字节
02 00 01 00 00 00 00 00 00 95 C0 DA FB D9 C5 01 | ................
2E 00 00 00 00 00 00 00 00 00 00 00 40 DE FF FF | ............@...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 | ................
00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF | ................
00 00 00 00 00 00 00 00 F1 03 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 | ................
01 00 00 00 02 00 01 00 01 00 00 00 38 00 00 00 | ............8...
81 60 6A 3C 3D C7 F6 68 83 06 42 E9 7D B6 6E F5 | .`j<=..h..B.}.n.
A6 C4 EF D3 1E FC 17 D9 9A 85 45 AF FC BF 3D 01 | ..........E...=.
C7 58 BD EB 55 41 B4 55 15 C6 80 1D BC A0 32 81 | .X..UA.U......2.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 | ................
HKEY_LOCAL_MACHINE\SECURITY\Policy\PolSecretEncryptionKey\@
Old value: 类型: REG_NONE 长度: 76 字节
01 00 00 00 01 00 00 00 00 00 00 00 4E 76 57 E0 | ............NvW.
64 0B F0 7E 95 55 96 F9 4D CA 81 58 84 0E 73 FA | d..~.U..M..X..s.
4D F9 2D 56 13 8A 0B 46 ED 10 CD E8 4B 4F 65 7E | M.-V...F....KOe~
28 CB 8F E2 0F D5 45 29 08 6C FB 55 64 C9 F1 14 | (.....E).l.Ud...
E4 F2 8A DF B6 38 9C C0 36 38 47 05 | .....8..68G.
New value: 类型: REG_NONE 长度: 76 字节
01 00 00 00 02 00 00 00 00 00 00 00 FB 14 13 41 | ...............A
31 04 EF 2A 72 6C 3D A1 C4 29 87 62 17 FC 99 A8 | 1..*rl=..).b....
18 7D 2E 5E 77 5D 0B 52 5F A0 80 D7 A7 FF A2 79 | .}.^w].R_......y
6A 30 DB F9 FB 6A F1 1D 98 99 1D D7 64 C9 F1 14 | j0...j......d...
E4 F2 8A DF B6 38 9C C0 36 38 47 05 | .....8..68G.
HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\F
Old value: 类型: REG_BINARY 长度: 240 字节
02 00 01 00 00 00 00 00 00 95 C0 DA FB D9 C5 01 | ................
2E 00 00 00 00 00 00 00 00 00 00 00 40 DE FF FF | ............@...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 | ................
00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF | ................
00 00 00 00 00 00 00 00 F1 03 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 | ................
01 00 00 00 01 00 01 00 01 00 00 00 38 00 00 00 | ............8...
81 60 6A 3C 3D C7 F6 68 83 06 42 E9 7D B6 6E F5 | .`j<=..h..B.}.n.
24 39 A1 FB 9D B0 62 C2 36 8E 38 C5 BF 0B C3 65 | $9....b.6.8....e
91 26 79 B0 1E 31 73 73 68 A8 75 11 AB 92 BD 43 | .&y..1ssh.u....C
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 | ................
New value: 类型: REG_BINARY 长度: 240 字节
02 00 01 00 00 00 00 00 00 95 C0 DA FB D9 C5 01 | ................
2E 00 00 00 00 00 00 00 00 00 00 00 40 DE FF FF | ............@...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 | ................
00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF | ................
00 00 00 00 00 00 00 00 F1 03 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 | ................
01 00 00 00 02 00 01 00 01 00 00 00 38 00 00 00 | ............8...
81 60 6A 3C 3D C7 F6 68 83 06 42 E9 7D B6 6E F5 | .`j<=..h..B.}.n.
A6 C4 EF D3 1E FC 17 D9 9A 85 45 AF FC BF 3D 01 | ..........E...=.
C7 58 BD EB 55 41 B4 55 15 C6 80 1D BC A0 32 81 | .X..UA.U......2.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 | ................
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Old value: 类型: REG_BINARY 长度: 80 字节
A3 6B 11 04 45 1B CB AA F2 5F 41 5E 35 44 C8 1A | .k..E...._A^5D..
72 26 3F D6 B9 07 A5 52 F1 78 EF 01 F0 75 3E 5C | r&?....R.x...u>\
CF 30 2B 7B 38 E1 6F B9 69 4A 12 3C 6C 0E 59 8A | .0+{8.o.iJ.<l.Y.
9A 9F DA 5B CF 8A 2C 3A 7F 6B 0B 36 91 F1 F3 29 | ...[..,:k.6...)
C1 5F 23 F5 21 0F 5F 25 28 C8 BE 10 66 5F A1 83 | ._#.!._%(...f_..
New value: 类型: REG_BINARY 长度: 80 字节
7F 26 B5 C4 B4 AB 28 C6 09 81 C9 BF 29 45 76 17 | &....(.....)Ev.
83 25 AC A7 9C 3A C8 8A 81 EB 64 13 F1 32 B1 98 | .%...:....d..2..
5C C6 57 61 FB 98 FD 06 D4 B9 75 A4 03 77 F4 DA | \.Wa......u..w..
42 3F BF 26 8E D7 00 AC 91 19 B3 DA 4A 93 D3 FA | B?.&........J...
F2 24 96 AA BC 41 4B A3 D0 70 E7 AA 57 5D F4 4B | .$...AK..p..W].K
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed
Old value: DWORD: 39 (0x27)
New value: DWORD: 43 (0x2b)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful
Old value: DWORD: 34 (0x22)
New value: DWORD: 35 (0x23)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Data\Pattern
Old value: 类型: REG_BINARY 长度: 64 字节
29 01 C4 CA E0 FE D1 7F 15 76 60 EF E4 0A DB 74 | ).......v`....t
34 65 63 30 33 36 65 39 00 FD 07 00 D0 3C 00 00 | 4ec036e9.....<..
34 FA 07 00 56 82 51 74 20 FA 07 00 40 FD 07 00 | 4...V.Qt ...@...
4C FD 07 00 39 A1 2E F0 A5 3C C0 34 EB 38 C3 4E | L...9....<.4.8.N
New value: 类型: REG_BINARY 长度: 64 字节
75 21 DB 65 5F 0C AC BE 5E 73 0E D1 53 17 92 6E | u!.e_...^s..S..n
37 62 33 62 38 34 62 62 00 00 00 00 01 00 00 00 | 7b3b84bb........
E0 00 00 00 EC 00 00 00 4C F3 07 00 A3 2F 00 01 | ........L..../..
04 00 00 00 CC D7 DA 77 02 00 00 00 2F 63 85 B2 | .......w..../c..
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\GBG\GrafBlumGroup
Old value: 类型: REG_BINARY 长度: 9 字节
74 AF EB 33 35 36 FA 4B 56 | t..356.KV
New value: 类型: REG_BINARY 长度: 9 字节
33 25 45 19 DD 53 77 9A 37 | 3%E..Sw.7
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\JD\Lookup
Old value: 类型: REG_BINARY 长度: 6 字节
6C 91 75 AD 2F 57 | l.u./W
New value: 类型: REG_BINARY 长度: 6 字节
9D F6 F0 45 61 0D | ...Ea.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SecureBoot
Old value: DWORD: 1 (0x1)
New value: DWORD: 2 (0x2)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Skew1\SkewMatrix
Old value: 类型: REG_BINARY 长度: 16 字节
2D BE 2C 02 DE E9 ED 82 C2 89 F9 5F 90 F7 5F F0 | -.,........_.._.
New value: 类型: REG_BINARY 长度: 16 字节
7D CC 3C 35 80 0D 36 CE 7C 4C 40 C7 9A 02 DC 74 | }.<5..6.|L@....t
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\Pattern
Old value: 类型: REG_BINARY 长度: 64 字节
29 01 C4 CA E0 FE D1 7F 15 76 60 EF E4 0A DB 74 | ).......v`....t
34 65 63 30 33 36 65 39 00 FD 07 00 D0 3C 00 00 | 4ec036e9.....<..
34 FA 07 00 56 82 51 74 20 FA 07 00 40 FD 07 00 | 4...V.Qt ...@...
4C FD 07 00 39 A1 2E F0 A5 3C C0 34 EB 38 C3 4E | L...9....<.4.8.N
New value: 类型: REG_BINARY 长度: 64 字节
75 21 DB 65 5F 0C AC BE 5E 73 0E D1 53 17 92 6E | u!.e_...^s..S..n
37 62 33 62 38 34 62 62 00 00 00 00 01 00 00 00 | 7b3b84bb........
E0 00 00 00 EC 00 00 00 4C F3 07 00 A3 2F 00 01 | ........L..../..
04 00 00 00 CC D7 DA 77 02 00 00 00 2F 63 85 B2 | .......w..../c..
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\GrafBlumGroup
Old value: 类型: REG_BINARY 长度: 9 字节
74 AF EB 33 35 36 FA 4B 56 | t..356.KV
New value: 类型: REG_BINARY 长度: 9 字节
33 25 45 19 DD 53 77 9A 37 | 3%E..Sw.7
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\Lookup
Old value: 类型: REG_BINARY 长度: 6 字节
6C 91 75 AD 2F 57 | l.u./W
New value: 类型: REG_BINARY 长度: 6 字节
9D F6 F0 45 61 0D | ...Ea.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SecureBoot
Old value: DWORD: 1 (0x1)
New value: DWORD: 2 (0x2)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\SkewMatrix
Old value: 类型: REG_BINARY 长度: 16 字节
2D BE 2C 02 DE E9 ED 82 C2 89 F9 5F 90 F7 5F F0 | -.,........_.._.
New value: 类型: REG_BINARY 长度: 16 字节
7D CC 3C 35 80 0D 36 CE 7C 4C 40 C7 9A 02 DC 74 | }.<5..6.|L@....t
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Notepad\iWindowPosX
Old value: DWORD: 87 (0x57)
New value: DWORD: 120 (0x78)
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Notepad\iWindowPosY
Old value: DWORD: 114 (0x72)
New value: DWORD: 366 (0x16e)
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew\~reserved~
旧值: 类型: REG_BINARY 长度: 24 字节
18 00 00 00 01 00 01 00 D6 07 03 00 02 00 07 00 | ................
11 00 0D 00 3B 00 8C 00 | ....;...
新值: 类型: REG_BINARY 长度: 24 字节
18 00 00 00 01 00 01 00 D6 07 03 00 04 00 09 00 | ................
15 00 0E 00 2B 00 67 01 | ....+.g.
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx
旧值: 类型: REG_BINARY 长度: 12 字节
01 00 00 00 00 00 00 00 FF FF FF FF | ............
新值: 类型: REG_BINARY 长度: 20 字节
03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 | ................
FF FF FF FF | ....
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU
旧值: 类型: REG_BINARY 长度: 16 字节
82 00 00 00 20 1E 00 00 40 28 5A 34 7B 43 C6 01 | .... ...@(Z4{C..
新值: 类型: REG_BINARY 长度: 16 字节
82 00 00 00 27 1E 00 00 80 F3 C8 86 7C 43 C6 01 | ....'.......|C..
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:::{20Q04SR0-3NRN-1069-N2Q8-08002O30309Q}
旧值: 类型: REG_BINARY 长度: 16 字节
82 00 00 00 8A 07 00 00 00 BD DD 2E 7B 43 C6 01 | ............{C..
新值: 类型: REG_BINARY 长度: 16 字节
82 00 00 00 8B 07 00 00 40 66 9B 59 7C 43 C6 01 | ........@f.Y|C..
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:::{450Q8SON-NQ25-11Q0-98N8-0800361O1103}
旧值: 类型: REG_BINARY 长度: 16 字节
75 00 00 00 1A 00 00 00 70 9A BB 9A A0 3B C6 01 | u.......p....;..
新值: 类型: REG_BINARY 长度: 16 字节
82 00 00 00 14 00 00 00 B0 5A 31 7D 7C 43 C6 01 | .........Z1}|C..
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\ertrqvg.rkr
旧值: 类型: REG_BINARY 长度: 16 字节
78 00 00 00 06 00 00 00 C0 90 95 85 E3 3D C6 01 | x............=..
新值: 类型: REG_BINARY 长度: 16 字节
82 00 00 00 06 00 00 00 B0 27 2C 60 7C 43 C6 01 | .........',`|C..
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\ABGRCNQ.RKR
旧值: 类型: REG_BINARY 长度: 16 字节
7E 00 00 00 0F 01 00 00 F0 1F 93 BB E7 41 C6 01 | ~............A..
新值: 类型: REG_BINARY 长度: 16 字节
82 00 00 00 0F 01 00 00 70 DF E1 6F 7B 43 C6 01 | ........p..o{C..
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG
旧值: 类型: REG_BINARY 长度: 16 字节
82 00 00 00 FB 10 00 00 00 BD DD 2E 7B 43 C6 01 | ............{C..
新值: 类型: REG_BINARY 长度: 16 字节
82 00 00 00 FF 10 00 00 B0 5A 31 7D 7C 43 C6 01 | .........Z1}|C..
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0005A87D-D626-4B3A-84F9-1D9571695F55}\iexplore\Count
旧值: DWORD: 168 (0xa8)
新值: DWORD: 171 (0xab)
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0005A87D-D626-4B3A-84F9-1D9571695F55}\iexplore\Time
旧值: 类型: REG_BINARY 长度: 16 字节
D6 07 03 00 04 00 09 00 0D 00 0C 00 39 00 86 01 | ............9...
新值: 类型: REG_BINARY 长度: 16 字节
D6 07 03 00 04 00 09 00 0D 00 16 00 12 00 28 01 | ..............(.
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore\Count
旧值: DWORD: 168 (0xa8)
新值: DWORD: 171 (0xab)
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore\Time
旧值: 类型: REG_BINARY 长度: 16 字节
D6 07 03 00 04 00 09 00 0D 00 0C 00 39 00 86 01 | ............9...
新值: 类型: REG_BINARY 长度: 16 字节
D6 07 03 00 04 00 09 00 0D 00 16 00 12 00 28 01 | ..............(.
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33BBE430-0E42-4F12-B075-8D21ACB10DCB}\iexplore\Count
旧值: DWORD: 168 (0xa8)
新值: DWORD: 171 (0xab)
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33BBE430-0E42-4F12-B075-8D21ACB10DCB}\iexplore\Time
旧值: 类型: REG_BINARY 长度: 16 字节
D6 07 03 00 04 00 09 00 0D 00 0C 00 39 00 86 01 | ............9...
新值: 类型: REG_BINARY 长度: 16 字节
D6 07 03 00 04 00 09 00 0D 00 16 00 12 00 28 01 | ..............(.
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62EED7C6-9F02-42F9-B634-98E2899E147B}\iexplore\Count
旧值: DWORD: 168 (0xa8)
新值: DWORD: 171 (0xab)
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62EED7C6-9F02-42F9-B634-98E2899E147B}\iexplore\Time
旧值: 类型: REG_BINARY 长度: 16 字节
D6 07 03 00 04 00 09 00 0D 00 0C 00 39 00 86 01 | ............9...
新值: 类型: REG_BINARY 长度: 16 字节
D6 07 03 00 04 00 09 00 0D 00 16 00 12 00 28 01 | ..............(.
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\Shell\Bags\1\Desktop\ItemPos800x600(1)
旧值: 类型: REG_BINARY 长度: 856 字节
新值: 类型: REG_BINARY 长度: 944 字节
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\4\1\0\MRUListEx
旧值: 类型: REG_BINARY 长度: 8 字节
00 00 00 00 FF FF FF FF | ........
新值: 类型: REG_BINARY 长度: 4 字节
FF FF FF FF | ....
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx
旧值: 类型: REG_BINARY 长度: 16 字节
00 00 00 00 05 00 00 00 04 00 00 00 FF FF FF FF | ................
新值: 类型: REG_BINARY 长度: 20 字节
01 00 00 00 00 00 00 00 05 00 00 00 04 00 00 00 | ................
FF FF FF FF | ....
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ColInfo
旧值: 类型: REG_BINARY 长度: 98 字节
新值: 类型: REG_BINARY 长度: 122 字节
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\316\Shell\ColInfo
旧值: 类型: REG_BINARY 长度: 92 字节
新值: 类型: REG_BINARY 长度: 118 字节
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\316\Shell\FolderType
旧值: 字串: 'Documents'
新值: 字串: 'MyDocuments'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\316\Shell\ScrollPos800x600(1).y
旧值: DWORD: 0 (0)
新值: DWORD: 407 (0x197)
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Vitas\RegSnap\STARTUPWIZARD\MODE
旧值: DWORD: 0 (0)
新值: DWORD: 3 (0x3)
--------------
位置总数: 42
键值: 类型: REG_BINARY 长度: 112 字节
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\b
键值: 类型: REG_BINARY 长度: 112 字节
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList
键值: 字串: 'ba'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\a
键值: 字串: 'C:\Documents and Settings\root\My Documents\2006.reg'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\b
键值: 字串: 'C:\Documents and Settings\root\My Documents\rg-kernelsky-root-030906212109.rgs'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList
键值: 字串: 'ba'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\reg\a
键值: 字串: 'C:\Documents and Settings\root\My Documents\2006.reg'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\reg\MRUList
键值: 字串: 'a'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rgs\a
键值: 字串: 'C:\Documents and Settings\root\My Documents\rg-kernelsky-root-030906212109.rgs'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rgs\MRUList
键值: 字串: 'a'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgs\OpenWithList\a
键值: 字串: 'RegSnap.exe'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgs\OpenWithList\MRUList
键值: 字串: 'a'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.rgs\0
键值: 类型: REG_BINARY 长度: 226 字节
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.rgs\MRUListEx
键值: 类型: REG_BINARY 长度: 8 字节
00 00 00 00 FF FF FF FF | ........
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\0
键值: 类型: REG_BINARY 长度: 126 字节
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\MRUListEx
键值: 类型: REG_BINARY 长度: 8 字节
00 00 00 00 FF FF FF FF | ........
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\2
键值: 类型: REG_BINARY 长度: 126 字节
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\3
键值: 类型: REG_BINARY 长度: 226 字节
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a
键值: 字串: 'regedit\1'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\b
键值: 字串: 'syskey\1'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList
键值: 字串: 'ba'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\flfxrl.rkr
键值: 类型: REG_BINARY 长度: 16 字节
82 00 00 00 07 00 00 00 80 F3 C8 86 7C 43 C6 01 | ............|C..
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1
键值: 类型: REG_BINARY 长度: 22 字节
14 00 1F 48 BA 8F 0D 45 25 AD D0 11 98 A8 08 00 | ...H...E%.......
36 1B 11 03 00 00 | 6.....
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\MRUListEx
键值: 类型: REG_BINARY 长度: 4 字节
FF FF FF FF | ....
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\NodeSlot
键值: DWORD: 316 (0x13c)
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\System32\cryptext.dll,-6112
键值: 字串: 'Microsoft 系列证书存储'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\System32\cryptext.dll,-6113
键值: 字串: 'PKCS #7 签名'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\System32\pdh.dll,-10023
键值: 字串: '性能监视器文件'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@Shell32.dll,-12689
键值: 字串: '包含音乐和其它音频文件。'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\regedit.exe
键值: 字串: 'Registry Editor'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\syskey.exe
键值: 字串: 'SAM Lock Tool'
HKEY_USERS\S-1-5-21-1645522239-1060284298-725345543-1003\Software\Vitas\RegSnap\estimReg\f_root
键值: DWORD: 221082 (0x35f9a)