Windows Registry Editor Version 5.00

HKEY_CLASSES_ROOT: OLE, Drag & Drop (== HKLM\SOFTWARE\Classes)
HKEY_CURRENT_USER (== HK_USERS\$USER)
HKEY_LOCAL_MACHINE (HKLM)
HKEY_USERS
HKEY_CURRENT_CONFIG (== HKLM\Config\$CONFIG)
HKEY_DYN_DATA

Win9x: SYSTEM.DAT & USER.DAT (SYSTEM.DA0, USER.DA0 als Backup)
WinNT: %System32%\Config

CLSIDs:
20D04FE0-3AEA-1069-A2D8-08002B30309D	My Computer (Arbeitsplatz)
208D2C60-3AEA-1069-A2D7-08002B30309D	My Network Places (Netzwerkumgebung)
645FB040-5081-101B-9F08-00AA002F954E	Recycle Bin (Papierkorb)
85BBD920-420A-1069-A2E4-08002B30309D	(Aktenkoffer)
 0020D75-0000-0000-C000-000000000046	(Posteingang)
21EC2020-3AEA-1069-A2DD-08002B30309D	Control Panel (Systemsteuerung)
2227A280-3AEA-1069-A2DE-08002B30309D	Printer (Drucker)

* Regedit-Favoriten: HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites

<ul>
 <li><code>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*</code></li>
 <li><code>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon</code></li>
 <li><code>HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate</li>
 <li><code>HKEY_USERS\*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*</code></li>
 <li><code>HKEY_USERS\*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run</code></li>
</ul>

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
HKCU\Software\Microsoft\Windows\CurrentVersion\Policiy

<pre>
Optionen, die beim Systemstart verwendet wurden:
HKLM\System\CurrentControlSet\Control\SystemStartOptions

Routing-Eintraege, die auch nach einem Neustart noch da sein sollen:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

Network Neighborhood: toogle from "comment (servername)" to "servername (comment)":
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 
"ToggleCommentPosition"=dword:00000001

SHUTDOWN-Knopf beim Login aktivieren:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
shutdownwithoutlogon REG_DWORD 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
LegalNoticeCaption      "Welcome to ICQ of TUI-NET"
LegalNoticeText         "Local Admins are: Funny, Lex and Sladge."

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

WGA (Windows Genuine Advantage):
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notify\WgaLogon

WPA (Windows Product Activation):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WPAEvents

Windows Auto-Update:
- ...
- ...
- ...

SMB Server String:
HKLM\SYSTEM\ControlSet001\Services\lanmanserver\parameters
srvcomment REG_SZ

Setup-Path (w/o i386):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SourcePath REG_SZ

shutdown event tracker:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{25DC7398-3875-4F26-8B88-2869E174FBBB}Machine\SOFTWARE\Policies\Microsoft\Windows NT\Reliability
**del.ShutdownReasonUI	REG_SZ
ShutdownReasonUI	REG_DWORD	0 (1 - workstation and server, 2 - workstation only, 3 - server only)
ShutdownReasonOn	REG_DWORD	0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability
ShutdownReasonOn	REG_DWORD	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability
ShutdownReasonUI	REG_DWORD	0

Deinstallationsdaten:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall

</pre>

You can also change the value of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing\Policy to hex:00 so that unsigned drivers will install. 

Windowsy System File Protection:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
DWORD SFCDisable value 0xffffff9d  This disables the System File Checker (set to "0" to enable again).


Fuer Fast User Switching ohne Welcome-Screen noetig:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AllowMultipleTSSessions

"Prefetch" fuer angeblich schnelleres Laden von Anwendungen etc.:
(depends on service "Task Scheduler" &amp; "Performance Logs and Alerts"?)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

Windows-Installer (MSI) logging to %TEMP%:
HKLM\Software\policies\Microsoft\Windows\Installer
Reg_SZ: Logging
Value: voicewarmup
v: verbose output
o: out-of-diskspace messages
i: status messages
c: initialUI parameters
e: all error messages
w: non-fatal warnings
a: start up of actions
r: action-specific records
m: out-of-memory or fatal exit information
u: user requests
p: terminal properties
+: append to existing file
!: flush each line to the log
*: wildcard, log all information except for the v option. To incluide the v option, specify "/l*v".

Info ueber BIOS und Systemhardware:
HKLM\HARDWARE\DESCRIPTION\System

autocheck beim Systemstart:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]

BootExecute REG_MULTI_SZ:
autocheck autochk /p \??\C:
autocheck autochk /p \??\D:
autocheck autochk /p \??\E:
autocheck autochk /p \??\F:
autocheck autochk /p \??\Q:
autocheck autochk *

AutoChkTimeOut REG_DWORD:
(Zeit in Sekunden)