registry keys for turning on rdc

  • Thread starter Thread starter Costin Gusa
  • Start date Start date
C

Costin Gusa

does anyone know what registry settings are changed when
you turn on windows xp remote desktop ?

Thank you
ps please add my address on cc: line when responding as i'm
occasionally (in fact this is the first time) on this newsgroup
 
Registry

********

Keys ignored: 0

---------------

* (none)

Keys added: 12

--------------

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\x

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\x

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\x

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\x

Keys deleted: 12

----------------

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

Values added: 3

---------------

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"@C:\WINDOWS\system32\mycomput.dll,-400"

Type: REG_SZ

Data: Mana&ge

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"@C:\WINDOWS\system32\SHELL32.dll,-22913"

Type: REG_SZ

Data: Shows the disk drives and hardware connected to this computer.

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"@C:\WINDOWS\system32\SHELL32.dll,-8503"

Type: REG_SZ

Data: S&earch...

Values changed: 11

------------------

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAss
ist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACNGU"

Old type: REG_BINARY

New type: REG_BINARY

Old data: 87, 00, 00, 00, FB, 06, 00, 00, 60, 35, 07, 52, 5E, 8E, C3, 01

New data: 87, 00, 00, 00, FC, 06, 00, 00, F0, 4F, 1C, D8, 5E, 8E, C3, 01

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAss
ist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACNGU:P:\Cebtenz
Svyrf\VaPgey5\VaPgey5.rkr"

Old type: REG_BINARY

New type: REG_BINARY

Old data: 87, 00, 00, 00, 06, 00, 00, 00, 60, 35, 07, 52, 5E, 8E, C3, 01

New data: 87, 00, 00, 00, 07, 00, 00, 00, E0, 99, 1E, D8, 5E, 8E, C3, 01

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAss
ist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACVQY"

Old type: REG_BINARY

New type: REG_BINARY

Old data: 87, 00, 00, 00, 19, 00, 00, 00, 80, 4E, FB, 51, 5E, 8E, C3, 01

New data: 87, 00, 00, 00, 1B, 00, 00, 00, F0, DE, 19, D8, 5E, 8E, C3, 01

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAss
ist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
"HRZR_EHACVQY:%pfvqy2%\VaPgey5"

Old type: REG_BINARY

New type: REG_BINARY

Old data: 87, 00, 00, 00, 06, 00, 00, 00, 70, 98, FD, 51, 5E, 8E, C3, 01

New data: 87, 00, 00, 00, 07, 00, 00, 00, F0, DE, 19, D8, 5E, 8E, C3, 01

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAss
ist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
"HRZR_EHACVQY:%pfvqy2%\VaPgey5\VaPgey5.yax"

Old type: REG_BINARY

New type: REG_BINARY

Old data: 87, 00, 00, 00, 06, 00, 00, 00, 80, 4E, FB, 51, 5E, 8E, C3, 01

New data: 87, 00, 00, 00, 07, 00, 00, 00, 00, 95, 17, D8, 5E, 8E, C3, 01

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAss
ist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHAPCY"

Old type: REG_BINARY

New type: REG_BINARY

Old data: 87, 00, 00, 00, C3, 00, 00, 00, D0, FC, F8, 1E, 5E, 8E, C3, 01

New data: 87, 00, 00, 00, C4, 00, 00, 00, 10, 1A, EB, CE, 5E, 8E, C3, 01

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAss
ist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHAPCY:FLFQZ.PCY"

Old type: REG_BINARY

New type: REG_BINARY

Old data: 87, 00, 00, 00, 0C, 00, 00, 00, D0, FC, F8, 1E, 5E, 8E, C3, 01

New data: 87, 00, 00, 00, 0D, 00, 00, 00, 10, 1A, EB, CE, 5E, 8E, C3, 01

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAss
ist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_HVDPHG"

Old type: REG_BINARY

New type: REG_BINARY

Old data: 87, 00, 00, 00, 8F, 07, 00, 00, 30, 8C, A6, 1D, 5E, 8E, C3, 01

New data: 87, 00, 00, 00, 90, 07, 00, 00, E0, 5C, 02, CD, 5E, 8E, C3, 01

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG "Seed"

Old type: REG_BINARY

New type: REG_BINARY

Old data: 44, 50, 0C, A7, 58, 1E, 22, 97, 37, 94, 20, 66, B9, E9, EF, 14,
A0, 4E, D8, 94, 14, ED, 6B, 7B, D6, 2A, 4A, 28, 34, 14, DA, 63, A6, C2, 1B,
00, AC, 76, F9, 43, 66, 1F, B9, C2, EA, F2, A5, 8C, 92, 68, 85, 60, 95, 87,
22, 34, 12, 10, 2A, C1, 93, C3, 8A, 47, 08, 76, 7F, DF, 47, 55, 07, 9B, ED,
93, 7D, C1, EE, D3, FD, BD

New data: A3, 76, 89, AE, 70, E4, AC, 9A, 3C, 3A, 6F, 4F, 32, 21, B6, 0E,
F9, 69, 75, 5D, 9E, E1, 9F, 32, 2F, 73, BC, F7, 1A, BC, D5, 24, AD, 1C, 0F,
04, 3F, B2, CB, 74, 31, BB, 69, 8A, 70, F4, DD, B6, EB, C4, C0, 75, F3, A4,
C6, 20, 46, 9B, CD, FD, 03, CF, 64, E2, 92, F8, D4, F9, 21, 8F, EF, 26, 4D,
03, 35, E9, 81, 0E, DB, D4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher
"TracesProcessed"

Old type: REG_DWORD

New type: REG_DWORD

Old data: 4E, 00, 00, 00

New data: 55, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher
"TracesSuccessful"

Old type: REG_DWORD

New type: REG_DWORD

Old data: 4A, 00, 00, 00

New data: 4F, 00, 00, 00
 
I assume that the Binary Blobs listed in the previous post would be System
specific...

Thanks,

Jeff
 
Back
Top