魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE	2021-09-22 15:09:30	2021-09-22 15:11:34	124 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-shaapp03-1	win7-sp1-x64-shaapp03-1	KVM	2021-09-22 15:09:30	2021-09-22 15:11:36

魔盾分数
8.025 恶意的

文件详细信息

文件名	services.exe
文件大小	2241536 字节
文件类型	PE32+ executable (GUI) x86-64, for MS Windows
CRC32	A785F724
MD5	1902c971c94f3e72ffe4d7b96e37bf1a
SHA1	938da96d696495a85ccf67b5605337de7bbadf85
SHA256	b07bf075827c99df2259bea650e9acba20c23b6a5b0952bcfc9149b848f27709
SHA512	201e59dc0d7327db05fb218b0de927bb3265dd6f54fe4c59d834c23303d1a786b5e4aab239e2a64d771c3ebf3ea726b4326249b08bfe716c03e857d625aaf406
Ssdeep	49152:OyW/jGnsDn5ADJ7xtRvgh9ilOTU6pqy4CKDpm/EISHbep:WADdoiYNd4ysH
PEiD	无匹配
Yara	CRC32_poly_Constant (Look for CRC32 [poly]) CRC32_table (Look for CRC32 table) MD5_Constants (Look for MD5 constants) BASE64_table (Look for Base64 table) with_images (Detected the presence of an or several images) with_urls (Detected the presence of an or several urls) IsPE64 (Detected a 64bit PE sample) IsWindowsGUI (Detected a Windows GUI sample) HasDebugData (Detected Debug Data) HasRichSignature (Detected Rich Signature) DebuggerTiming__PerformanceCounter () DebuggerTiming__Ticks (Detected timing ticks function) DebuggerException__SetConsoleCtrl () Check_OutputDebugStringA_iat (Detect in IAT OutputDebugstringA) anti_dbg (Detected self protection if being debugged) antisb_threatExpert (Anti-Sandbox checks for ThreatExpert) hijack_network (Detected possible Hijack network configuration function) create_service (Detected function for creating a windows service) network_http (Detected communications function over HTTP) network_dns (Detected network communications use DNS) create_process (Detection function for creating a new process) escalate_priv (Detected escalate priviledges function) win_registry (Detected system registries modification function) change_win_registry (Change registries to affect system) win_token (Affect system token) win_files_operation (Affect private profile) Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
VirusTotal	VirusTotal查询失败

特征

可疑的样本异常终止

魔盾wping.org IP地址信誉系统

Greylist: 104.123.71.146

装载一个驱动器

driver service name: \Registry\Machine\System\CurrentControlSet\Services\witboxhiocr

一个可疑的诱骗文档被呈现给用户

disguised_executable: The submitted file was an executable indicative of an attempt to get a user to run executable content disguised as a document

Decoy Document: acrord32.exe /h

魔盾安全Yara规则检测结果 - 高危

Warning: Detected possible Hijack network configuration function

Warning: Detected function for creating a windows service

Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files

运行截图

网络分析

访问主机记录

直接访问	IP地址	国家名
否	104.123.71.146	United States

域名解析

域名	响应
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net A 104.123.71.146 CNAME a1983.dscd.akamai.net A 104.123.71.144

TCP连接

IP地址	端口
104.123.71.146	80

UDP连接

IP地址	端口
192.168.122.1	53

HTTP请求

URL	HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

静态分析

PE 信息

初始地址	0x140000000
入口地址	0x1400356fc
声明校验值	0x00000000
实际校验值	0x00225cf3
最低操作系统版本要求	6.0
PDB路径	D:\Project\miner\xmr-stak-2.4.2\project\bin\Release_SlowSlow\xmr-stak.pdb
编译时间	2021-07-31 04:47:25
载入哈希	3e6fde31d4be40441f7c76092859d580

版本信息

ProductVersion:	1.3.7.3104
ProductName:	Microsoft Windows Operating System
FileVersion:	1.3.7.3104
FileDescription:	Windows \xe5\xe7\xe7\xe5
Translation:	0x0804 0x04b0

PE数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00096a7e	0x00096c00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.50
.rdata	0x00098000	0x000241ba	0x00024200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.76
.data	0x000bd000	0x00004de4	0x00003200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.58
.pdata	0x000c2000	0x000077f4	0x00007800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.97
.gfids	0x000ca000	0x000001f0	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.11
.rsrc	0x000cb000	0x0015cb20	0x0015cc00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.62
.reloc	0x00228000	0x000008ec	0x00000a00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	5.17

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
BIN	0x000cb2f0	0x0015c090	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.62	PE32+ executable (native) x86-64, for MS Windows
RT_VERSION	0x000cb0f0	0x000001fc	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.47	data
RT_MANIFEST	0x00227380	0x0000079a	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.15	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

导入

库 WSOCK32.dll:

• 0x1400986f0 - htons

• 0x1400986f8 - bind

• 0x140098700 - inet_ntoa

• 0x140098708 - recv

• 0x140098710 - setsockopt

• 0x140098718 - socket

• 0x140098720 - gethostbyname

• 0x140098728 - WSAStartup

• 0x140098730 - WSACleanup

• 0x140098738 - WSAGetLastError

• 0x140098740 - send

• 0x140098748 - ntohs

• 0x140098750 - connect

• 0x140098758 - closesocket

• 0x140098760 - ioctlsocket

库 KERNEL32.dll:

• 0x140098118 - LeaveCriticalSection

• 0x140098120 - DeleteCriticalSection

• 0x140098128 - GetProcessId

• 0x140098130 - OpenProcess

• 0x140098138 - GetTickCount

• 0x140098140 - GetVersionExA

• 0x140098148 - FreeLibrary

• 0x140098150 - GetModuleHandleA

• 0x140098158 - GetProcAddress

• 0x140098160 - LoadLibraryA

• 0x140098168 - SetCurrentDirectoryA

• 0x140098170 - GetCommandLineA

• 0x140098178 - GetFileSize

• 0x140098180 - ReadFile

• 0x140098188 - SetFilePointer

• 0x140098190 - OutputDebugStringA

• 0x140098198 - DeviceIoControl

• 0x1400981a0 - GetProcessTimes

• 0x1400981a8 - GetSystemTimeAsFileTime

• 0x1400981b0 - GetSystemInfo

• 0x1400981b8 - MapViewOfFile

• 0x1400981c0 - UnmapViewOfFile

• 0x1400981c8 - GetLargePageMinimum

• 0x1400981d0 - LoadResource

• 0x1400981d8 - LockResource

• 0x1400981e0 - SizeofResource

• 0x1400981e8 - GlobalAlloc

• 0x1400981f0 - GlobalFree

• 0x1400981f8 - LocalAlloc

• 0x140098200 - CreateFileMappingA

• 0x140098208 - OpenFileMappingA

• 0x140098210 - FindResourceA

• 0x140098218 - WideCharToMultiByte

• 0x140098220 - CreateToolhelp32Snapshot

• 0x140098228 - Process32First

• 0x140098230 - Process32Next

• 0x140098238 - K32GetModuleFileNameExA

• 0x140098240 - FindClose

• 0x140098248 - FindFirstFileA

• 0x140098250 - FindNextFileA

• 0x140098258 - GetFileAttributesA

• 0x140098260 - WriteFile

• 0x140098268 - EnterCriticalSection

• 0x140098270 - GetFullPathNameA

• 0x140098278 - WaitForSingleObject

• 0x140098280 - CreateEventA

• 0x140098288 - CopyFileA

• 0x140098290 - GetCurrentDirectoryA

• 0x140098298 - CreateDirectoryA

• 0x1400982a0 - LocalFileTimeToFileTime

• 0x1400982a8 - SetFileTime

• 0x1400982b0 - SystemTimeToFileTime

• 0x1400982b8 - GlobalMemoryStatusEx

• 0x1400982c0 - GetFileInformationByHandle

• 0x1400982c8 - FileTimeToSystemTime

• 0x1400982d0 - SetEnvironmentVariableA

• 0x1400982d8 - FreeEnvironmentStringsW

• 0x1400982e0 - GetEnvironmentStringsW

• 0x1400982e8 - GetCommandLineW

• 0x1400982f0 - GetCPInfo

• 0x1400982f8 - GetOEMCP

• 0x140098300 - IsValidCodePage

• 0x140098308 - FindNextFileW

• 0x140098310 - FindFirstFileExW

• 0x140098318 - FindFirstFileExA

• 0x140098320 - GetTimeZoneInformation

• 0x140098328 - FlushFileBuffers

• 0x140098330 - ReadConsoleW

• 0x140098338 - GetConsoleMode

• 0x140098340 - GetConsoleCP

• 0x140098348 - GetFileType

• 0x140098350 - EnumSystemLocalesW

• 0x140098358 - GetUserDefaultLCID

• 0x140098360 - IsValidLocale

• 0x140098368 - EncodePointer

• 0x140098370 - SetLastError

• 0x140098378 - InterlockedFlushSList

• 0x140098380 - InterlockedPushEntrySList

• 0x140098388 - RtlUnwindEx

• 0x140098390 - InitializeCriticalSection

• 0x140098398 - QueryPerformanceFrequency

• 0x1400983a0 - QueryPerformanceCounter

• 0x1400983a8 - GetLocalTime

• 0x1400983b0 - GetCurrentThreadId

• 0x1400983b8 - GetCurrentProcessId

• 0x1400983c0 - GetCurrentProcess

• 0x1400983c8 - SetUnhandledExceptionFilter

• 0x1400983d0 - RaiseException

• 0x1400983d8 - CloseHandle

• 0x1400983e0 - CreateFileA

• 0x1400983e8 - MultiByteToWideChar

• 0x1400983f0 - MoveFileA

• 0x1400983f8 - LocalFree

• 0x140098400 - GetLastError

• 0x140098408 - SetFileAttributesA

• 0x140098410 - DeleteFileA

• 0x140098418 - GetComputerNameA

• 0x140098420 - Sleep

• 0x140098428 - SetEnvironmentVariableW

• 0x140098430 - GetProcessHeap

• 0x140098438 - SetConsoleCtrlHandler

• 0x140098440 - OutputDebugStringW

• 0x140098448 - WaitForSingleObjectEx

• 0x140098450 - SetStdHandle

• 0x140098458 - CreateFileW

• 0x140098460 - SetFilePointerEx

• 0x140098468 - WriteConsoleW

• 0x140098470 - HeapSize

• 0x140098478 - GetLocaleInfoW

• 0x140098480 - LCMapStringW

• 0x140098488 - CompareStringW

• 0x140098490 - GetTimeFormatW

• 0x140098498 - HeapReAlloc

• 0x1400984a0 - SetEndOfFile

• 0x1400984a8 - InitializeCriticalSectionAndSpinCount

• 0x1400984b0 - TlsAlloc

• 0x1400984b8 - TlsGetValue

• 0x1400984c0 - TerminateProcess

• 0x1400984c8 - GetDateFormatW

• 0x1400984d0 - GetStringTypeW

• 0x1400984d8 - GetCurrentThread

• 0x1400984e0 - HeapAlloc

• 0x1400984e8 - HeapFree

• 0x1400984f0 - GetACP

• 0x1400984f8 - GetStdHandle

• 0x140098500 - GetModuleFileNameW

• 0x140098508 - GetModuleFileNameA

• 0x140098510 - ExitProcess

• 0x140098518 - GetModuleHandleExW

• 0x140098520 - FreeLibraryAndExitThread

• 0x140098528 - ResumeThread

• 0x140098530 - ExitThread

• 0x140098538 - CreateThread

• 0x140098540 - LoadLibraryExW

• 0x140098548 - TlsFree

• 0x140098550 - RtlCaptureContext

• 0x140098558 - RtlLookupFunctionEntry

• 0x140098560 - RtlVirtualUnwind

• 0x140098568 - IsDebuggerPresent

• 0x140098570 - UnhandledExceptionFilter

• 0x140098578 - GetStartupInfoW

• 0x140098580 - IsProcessorFeaturePresent

• 0x140098588 - GetModuleHandleW

• 0x140098590 - InitializeSListHead

• 0x140098598 - RtlPcToFileHeader

• 0x1400985a0 - TlsSetValue

库 USER32.dll:

• 0x140098620 - FindWindowExA

• 0x140098628 - GetForegroundWindow

• 0x140098630 - GetWindowTextA

• 0x140098638 - GetWindowThreadProcessId

• 0x140098640 - GetWindowRect

• 0x140098648 - GetClassNameA

• 0x140098650 - wsprintfA

• 0x140098658 - GetDesktopWindow

库 SHELL32.dll:

• 0x1400985f8 - SHCreateDirectoryExA

• 0x140098600 - SHGetSpecialFolderPathA

库 ole32.dll:

• 0x140098780 - CoSetProxyBlanket

• 0x140098788 - CoInitializeSecurity

• 0x140098790 - CLSIDFromString

• 0x140098798 - CoInitialize

• 0x1400987a0 - CoCreateInstance

• 0x1400987a8 - CoUninitialize

库 OLEAUT32.dll:

• 0x1400985b0 - VariantClear

• 0x1400985b8 - VariantInit

• 0x1400985c0 - SysFreeString

• 0x1400985c8 - SysAllocString

• 0x1400985d0 - GetErrorInfo

• 0x1400985d8 - VariantChangeType

• 0x1400985e0 - SetErrorInfo

• 0x1400985e8 - CreateErrorInfo

库 ADVAPI32.dll:

• 0x140098000 - StartServiceCtrlDispatcherA

• 0x140098008 - GetNamedSecurityInfoA

• 0x140098010 - SetNamedSecurityInfoA

• 0x140098018 - BuildExplicitAccessWithNameA

• 0x140098020 - OpenProcessToken

• 0x140098028 - AdjustTokenPrivileges

• 0x140098030 - RegSetValueExW

• 0x140098038 - RegFlushKey

• 0x140098040 - StartServiceA

• 0x140098048 - QueryServiceStatus

• 0x140098050 - QueryServiceConfigA

• 0x140098058 - OpenServiceA

• 0x140098060 - OpenSCManagerA

• 0x140098068 - DeleteService

• 0x140098070 - CreateServiceA

• 0x140098078 - ControlService

• 0x140098080 - CloseServiceHandle

• 0x140098088 - ChangeServiceConfigA

• 0x140098090 - RegSetValueExA

• 0x140098098 - RegCreateKeyExA

• 0x1400980a0 - RegQueryValueExA

• 0x1400980a8 - RegOpenKeyExA

• 0x1400980b0 - RegCloseKey

• 0x1400980b8 - SetSecurityDescriptorDacl

• 0x1400980c0 - InitializeSecurityDescriptor

• 0x1400980c8 - SetServiceStatus

• 0x1400980d0 - RegisterServiceCtrlHandlerA

• 0x1400980d8 - SetEntriesInAclA

库 dbghelp.dll:

• 0x140098770 - MiniDumpWriteDump

库 WINMM.dll:

• 0x1400986e0 - timeKillEvent

库 CFGMGR32.dll:

• 0x1400980e8 - CM_Get_Device_Interface_ListW

库 IPHLPAPI.DLL:

• 0x1400980f8 - GetIpForwardTable

• 0x140098100 - GetIpNetTable

• 0x140098108 - GetAdaptersInfo

库 WININET.dll:

• 0x140098688 - FindNextUrlCacheEntryA

• 0x140098690 - DeleteUrlCacheEntry

• 0x140098698 - InternetOpenA

• 0x1400986a0 - FindFirstUrlCacheEntryA

• 0x1400986a8 - HttpSendRequestA

• 0x1400986b0 - HttpAddRequestHeadersA

• 0x1400986b8 - HttpOpenRequestA

• 0x1400986c0 - InternetReadFile

• 0x1400986c8 - InternetConnectA

• 0x1400986d0 - InternetCloseHandle

库 VERSION.dll:

• 0x140098668 - GetFileVersionInfoSizeA

• 0x140098670 - VerQueryValueA

• 0x140098678 - GetFileVersionInfoA

库 SHLWAPI.dll:

• 0x140098610 - PathFileExistsA

投放文件

无信息

行为分析

互斥量(Mutexes) 无信息

执行的命令 无信息

创建的服务

witboxhiocr

启动的服务

witboxhiocr

进程

services.exe PID: 2464, 上一级进程 PID: 2172

services.exe PID: 432, 上一级进程 PID: 344

AcroRd32.exe PID: 816, 上一级进程 PID: 304

访问的文件

C:\Users\test\AppData\Local\Temp\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\sysnative\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\system\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\api-ms-win-core-localization-l1-2-1.DLL
C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\sysnative\wbem\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-core-localization-l1-2-1.DLL
C:\Program Files (x86)\WinRAR\api-ms-win-core-localization-l1-2-1.DLL
C:\Users\test\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-1.DLL
C:\Windows\sysnative\PcmInfo_Helper.sys
C:\Users\test\AppData\Local\Temp\ADH
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\sysnative\shell32.dll
C:\Windows\zjoqoxa
C:\Windows\zjoqoxa\witboxhiocr.sys
C:\Windows\sysnative\drivers\*.*
C:\Windows\sysnative\drivers\BrFiltUp.sys
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
C:\Windows\LastGood.Tmp
C:\Windows\Temp
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\IA32.api
C:\Windows\System32\spool\drivers\color\D65.camp
C:\Windows\System32\spool\drivers\color\Photo.gmmp
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Updater.api
C:\Users\test\AppData\Local\Adobe
C:\Users\test\AppData\Local\Adobe\Acrobat
C:\Users\test\AppData\Local\Adobe\Acrobat\11.0
C:\Users\test\AppData\Local\Adobe\Acrobat\11.0\Cache
C:\Users\test\AppData\Local\Adobe\Acrobat\11.0\Cache\RdLang_Updater.CHS
C:\program files (x86)\Adobe\reader 11.0\Reader\Locale\zh_CN\updater.CHS
C:\Users\test\AppData\Local\Temp\A9RFB5F.tmp
C:\Users\test\AppData\LocalLow\Adobe\Acrobat\11.0\ReaderMessages
C:\Users\test\AppData\LocalLow\Adobe\Acrobat\11.0\ReaderMessages-journal
C:\Users\test\AppData\LocalLow\Adobe\Acrobat\11.0\ReaderMessages-wal

读取的文件

C:\Users\test\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-1.DLL
C:\Windows\sysnative\PcmInfo_Helper.sys
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\sysnative\shell32.dll
C:\Windows\sysnative\drivers\BrFiltUp.sys
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
C:\Windows\LastGood.Tmp
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\IA32.api
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Updater.api
C:\Users\test\AppData\Local\Adobe\Acrobat\11.0\Cache\RdLang_Updater.CHS
C:\Users\test\AppData\LocalLow\Adobe\Acrobat\11.0\ReaderMessages
C:\Users\test\AppData\LocalLow\Adobe\Acrobat\11.0\ReaderMessages-journal

修改的文件

C:\Windows\sysnative\PcmInfo_Helper.sys
C:\Windows\zjoqoxa\witboxhiocr.sys
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Users\test\AppData\LocalLow\Adobe\Acrobat\11.0\ReaderMessages
C:\Users\test\AppData\LocalLow\Adobe\Acrobat\11.0\ReaderMessages-journal

删除的文件

C:\Windows\sysnative\PcmInfo_Helper.sys
C:\Windows\zjoqoxa\witboxhiocr.sys
C:\Windows\LastGood.Tmp
C:\Users\test\AppData\Local\Temp\A9RFB5F.tmp
C:\Users\test\AppData\LocalLow\Adobe\Acrobat\11.0\ReaderMessages-journal

注册表键

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\services.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\services.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\services.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\witboxhiocr\Instances
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr\Instances\DefaultInstance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\witboxhiocr\Instances\witboxhiocr Instance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr\Instances\witboxhiocr Instance\Altitude
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr\Instances\witboxhiocr Instance\Flags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\witboxhiocr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr\PCInfoDirectory
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr\ObjectName
HKEY_LOCAL_MACHINE\system
HKEY_LOCAL_MACHINE\SYSTEM\select
HKEY_LOCAL_MACHINE\SYSTEM\Select\Current
HKEY_LOCAL_MACHINE\SYSTEM\Select\Default
HKEY_LOCAL_MACHINE\SYSTEM\Select\LastKnownGood
HKEY_LOCAL_MACHINE\SYSTEM\Select\Failed
HKEY_LOCAL_MACHINE\System\LastKnownGoodRecovery\LastGood.Tmp
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Tracing\SCM\Regular
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\SCM\Regular\TracingDisabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\Order\ProviderOrder
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ProviderOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\WOW64
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_USERS\S-1-5-18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\.DEFAULT\Environment
HKEY_USERS\.DEFAULT\Volatile Environment
HKEY_USERS\.DEFAULT\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\Environment
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClusSvc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\ri
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\ProfileEnumMode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\ICMProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\sRGB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\camp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\rip
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVPrivate
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Updater
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\11.0\Updater
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\Software\Adobe\Adobe ARM\1.0\ARM\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Adobe ARM\1.0\ARM\iCheckReader
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\ARMUser
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\11.0\ARMUser
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\11.0\Installer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\11.0\Installer\bUpdateModeSet

读取的注册表键

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\Select\Current
HKEY_LOCAL_MACHINE\SYSTEM\Select\Default
HKEY_LOCAL_MACHINE\SYSTEM\Select\LastKnownGood
HKEY_LOCAL_MACHINE\SYSTEM\Select\Failed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\SCM\Regular\TracingDisabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\Order\ProviderOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder\ProviderOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\WOW64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\ri
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\ProfileEnumMode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0000\ICMProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\sRGB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\camp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\rip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Adobe ARM\1.0\ARM\iCheckReader
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\11.0\Installer\bUpdateModeSet

修改的注册表键

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\witboxhiocr\Instances
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr\Instances\DefaultInstance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\witboxhiocr\Instances\witboxhiocr Instance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr\Instances\witboxhiocr Instance\Altitude
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr\Instances\witboxhiocr Instance\Flags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\witboxhiocr\PCInfoDirectory

删除的注册表键 无信息

API解析

kernel32.dll.LCMapStringEx
kernelbase.dll.CompareStringEx
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.GetLocaleInfoEx
api-ms-win-appmodel-runtime-l1-1-1.dll.GetCurrentPackageId
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CreateBindCtx
ole32.dll.CoGetApartmentType
ole32.dll.CoRegisterInitializeSpy
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
comctl32.dll.#236
oleaut32.dll.#6
ole32.dll.CoGetMalloc
comctl32.dll.#320
ole32.dll.StringFromGUID2
comctl32.dll.#324
comctl32.dll.#323
advapi32.dll.RegEnumKeyW
oleaut32.dll.#2
ole32.dll.CoUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
comctl32.dll.#321
mscms.dll.CloseColorProfile
mscms.dll.DeleteColorTransform
mscms.dll.TranslateBitmapBits
mscms.dll.TranslateColors
mscms.dll.CheckBitmapBits
mscms.dll.InstallColorProfileW
mscms.dll.UninstallColorProfileW
mscms.dll.EnumColorProfilesW
mscms.dll.GetStandardColorSpaceProfileW
mscms.dll.GetColorProfileHeader
mscms.dll.GetColorDirectoryW
mscms.dll.CreateProfileFromLogColorSpaceW
mscms.dll.CreateMultiProfileTransform
mscms.dll.InternalGetDeviceConfig
mscms.dll.WcsOpenColorProfileW
mscms.dll.WcsGetDefaultColorProfileSize
mscms.dll.WcsGetDefaultColorProfile
mscms.dll.WcsGetDefaultRenderingIntent
mscms.dll.WcsCreateIccProfile
mscms.dll.GetColorProfileFromHandle
mscms.dll.WcsGetUsePerUserProfiles
updater.api.PlugInMain
wininet.dll.InternetCloseHandle