The entries in the Windows registry are called Keys...
From the Windows Operating System Help file:
"Windows stores its configuration information in a database called the registry. The registry contains profiles for each user of the computer and information about system hardware, installed programs, and property settings. Windows continually references this information during its operation."
Microsoft also calls these five files hives because the makeup looks like a beehive (so I have been told).
The registry is split up into five different sections:
- HKEY_CLASSES_ROOT
- HKEY_CURRENT_USER
- HKEY_LOCAL_MACHINE
- HKEY_USERS
- HKEY_CURRENT_CONFIG
Let's take a look at each main key and what its function is in the registry.
The first one, HKEY_CLASSES_ROOT, defines all the different types or classes of files, file extensions, and program handler parameters for each category. Also listed are the associations for each extension. For example, a txt file is noted as a file that would be opened with notepad.exe, whereas a doc file would be opened by your word processor.
The second one, HKEY_CURRENT_USER, lists all the parameters for the current user. This entry is copied from the HKEY_USERS main entry when you log on. Any changes you make during your session are then copied back to your entry in the HKEY_USERS main entry when you log off.
The third one, HKEY_LOCAL_MACHINE, lists all the parameters for the computer's hardware and software. This entry controls how the computer starts, what each device's parameters are, and all installed software. However, if software is installed under the current user with the "My use only" parameter set, then only the basic information will be in this entry.
The fourth one, HKEY_USERS, has all logged-on users' keys; an entry is created here when the user first logs on. Each sub-entry here is a profile for a user. Sometimes when a user's profile gets corrupted, you can replace the entry with a backup entry and correct the problem.
The fifth one, HKEY_CURRENT_CONFIG, holds the settings for the logged-on user's profile and the current machine settings. This entry is a combination of both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. Changing any parameters in this entry will only affect the current session; this information is not saved when the current user logs off or the computer is shut down or restarted.
Now you may ask what good is this information to me?
Let's say you picked up a virus.
You run your trusty AV (Anti Virus) program and it says it found xxxx virus in xxxx files and moved them to the quarantine folder.
You diligently go to the quarantine folder and delete the files and empty the Recycle Bin.
Then you restart your computer.
Arrrrrrggghhh the virus is still there!
Why?
Because the registry has entries in it about the virus. The virus may have changed an entry in HKEY_CLASSES_ROOT, it may have put itself in the Run key of HKEY_CURRENT_USER (which was saved to HKEY_USERS under your profile entry), and it may be in the Run key in HKEY_LOCAL_MACHINE.
And it is hiding in a file that the AV did not scan.
So how do you root out a sneaky virus?
Hummmm.....
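The three places named above (the Run key under HKEY_CURRENT_USER, the Run key under HKEY_LOCAL_MACHINE, and a file-type handler under HKEY_CLASSES_ROOT) can be listed read-only from PowerShell. This is an added example, not part of the original page; the full Run key path and the classic "txtfile" handler key are assumptions, since the page names only the main keys, and Get-CommandTarget is a hypothetical helper.

```powershell
# Read-only audit of the registry locations named in the text. Nothing is modified.
# Assumptions (not on the page): the standard Run key path and the classic
# "txtfile" handler key that normally points .txt files at notepad.exe.
$locations = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_CLASSES_ROOT\txtfile\shell\open\command'
)

# Hypothetical helper: extract the program path from a registry command line.
function Get-CommandTarget([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # A quoted path wins; otherwise take everything up to the first program extension.
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|ps1|scr|com))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($path in $locations) {
    if (-not (Test-Path -LiteralPath $path)) { continue }   # key absent on this machine
    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $target  = Get-CommandTarget $command
        # A bare file name with no folder is checked against the current directory only.
        $exists  = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $sig     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
        $label   = if ($name) { $name } else { '(Default)' }
        [pscustomobject]@{
            Key       = $path -replace '^Registry::', ''
            Value     = $label
            Command   = $command
            Target    = $target
            Exists    = $exists
            Signature = $sig
        }
    }
}

# One block per entry: where it is registered, what it launches, and whether that file is signed.
$report | Sort-Object Key, Value | Format-List
```

Entries whose target file is missing or not validly signed are the ones to look at first; a valid signature by itself does not prove the entry is wanted.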