; Registry-monitoring rule list, restored to one entry per line.
; Structure as visible in this file:
;   [GROUPS]      numbered list of group names
;   [<group>]     numbered list of rule-section names belonging to that group
;   [<rule>]      key=<registry key path pattern>, optional recursive=1,
;                 then numbered entries naming the registry values covered
; Presumably "*" and "?" are glob-style wildcards ("ControlSet???" would match
; ControlSet001, ControlSet002, ...) and a value entry of "*" means every value
; under the key; confirm against the consuming product.
; NOTE(review): a leading "*\" appears where a hive name would otherwise be;
; presumably it matches any hive (HKLM, HKCU, per-user hives). No rule names
; Wow6432Node explicitly, so whether 32-bit views on 64-bit systems are covered
; depends on how the matcher expands "*"; confirm.
; NOTE(review): the last line of this file looks like a vendor integrity
; signature. If it is, any edit to this file (including added comments)
; invalidates it; confirm before deploying a modified copy.

;============================
;(0) groups list
;============================
; Every name listed here has a matching group section further down.
[GROUPS]
1=HOSTS File
2=System Startup
3=Internet Security
4=Internet Explorer Settings
5=Internet Explorer Plugins
6=System Security
7=System Services
8=Explorer Settings
9=Kaspersky Settings

;============================
;(1) HOSTS File (nt-based)
;============================
[HOSTS File]
1=Tcpip

; DatabasePath is the directory Windows reads the hosts file from, so a change
; here points name resolution at a different hosts file.
[Tcpip]
key=HKLM\SYSTEM\ControlSet???\Services\Tcpip\Parameters
1=DatabasePath

;============================
;(2) System Startup
;============================
; All records from the Start-Up.ini file
; Indices start at 19 and skip 28-30 and 56; 28-30 are used by [System Services]
; below, which suggests the numbers are IDs shared across groups (assumption).
; NOTE(review): index 72 is assigned twice (IE_pi_extensions and RDPWD). If the
; consumer keeps only one entry per index, one of these two rules is silently
; dropped from monitoring. Confirm which wins and give one of them its own
; index (56 is unused in this list).
[System Startup]
19=anyfile_open
20=anyfile_runas
21=AEDebug
22=Winlogon_Shell
23=SafeBoot_Network_Parameters
24=Winlogon_Notify
25=Main_Run
26=ICQ_Agent
27=ICQ_Path
31=ActiveSetup
32=WOW_BOOT
33=WOW_NonWindowsApp
34=WOW_Standard
35=CurrentVersion_Drivers
36=CurrentVersion_Drivers32
37=AppInit_DLLs
38=ShellServiceObjectDelayLoad
39=BootExecute
40=VBA_Monitors
41=SCRNSAVE
42=SharedTaskScheduler
43=ShellExecuteHooks
44=System_Scripts
45=Explorer_Run
46=WinSock2_Parameters
47=Taskman
48=Policies_Shell
49=Shell Extensions
50=Command_Processor_AutoRun
51=Explorer_FileExts
52=MPRServices
53=Common Startup
54=GPExtensions
55=Environment_ComSpec
57=GinaDLL
58=BootVerificationProgram
59=VirtualDeviceDrivers
60=SafeBoot_AlternateShell
61=SafeBoot_Minimal
62=SafeBoot_Network
63=SafeBoot_Minimal_Parameters
64=Main_Run_CUser
65=ImageFileExecutionOptions
66=ftp_open
67=mailto_open
68=subsystems
69=session_execute
70=IE_components
71=IE_extensions
72=IE_pi_extensions
72=RDPWD
73=terminal_serv_inst
74=distrib_units
75=extensions
76=win_ini
77=system_ini
78=protocol_filter
79=protocol_filter2
80=protocol_handler
81=protocol_handler2
82=ColumnHandlers
83=LangBarAddin

; "*file" covers the per-type classes whose name ends in "file" (exefile,
; batfile, ...); the open command decides what runs when such a file is opened.
[anyfile_open]
key=HKEY_CLASSES_ROOT\*file\shell\open\command
1=*

[anyfile_runas]
key=HKEY_CLASSES_ROOT\*file\shell\runas\command
1=*

; Debugger is the command Windows starts when a process crashes.
[AEDebug]
key=*\Software\Microsoft\Windows NT\CurrentVersion\AEDebug
1=Debugger

; Programs Winlogon starts at logon. [Taskman] and [GinaDLL] below watch other
; values of this same key.
[Winlogon_Shell]
key=*\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
1=Shell
2=UserInit
3=System
4=UIHost
5=VmApplet
6=AppSetup

[Winlogon_Notify]
key=*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\*
1=DllName

; The wildcards widen this one rule to "Windows" and "Windows NT" and to every
; key whose name starts with "Run" (Run, RunOnce, RunServices, ...).
[Main_Run]
key=*\Software\Microsoft\Windows*\CurrentVersion\Run*
1=*

[ICQ_Agent]
key=HKCU\Software\Mirabilis\ICQ\Agent\Apps
1=*

[ICQ_Path]
key=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ICQ*
1=Path

; StubPath is a per-component command run at user logon.
[ActiveSetup]
key=HKLM\Software\Microsoft\Active Setup\Installed Components\*
1=StubPath

[WOW_BOOT]
key=HKLM\Software\Microsoft\Windows NT\CurrentVersion\WOW\BOOT
1=*

[WOW_NonWindowsApp]
key=HKLM\Software\Microsoft\Windows NT\CurrentVersion\WOW\NonWindowsApp
1=*

[WOW_Standard]
key=HKLM\Software\Microsoft\Windows NT\CurrentVersion\WOW\Standard
1=*

[CurrentVersion_Drivers]
key=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers
1=*

[CurrentVersion_Drivers32]
key=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
1=*

; DLLs named in AppInit_DLLs are loaded into processes that load user32.dll.
[AppInit_DLLs]
key=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
1=AppInit_DLLs

[ShellServiceObjectDelayLoad]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
1=*

; BootExecute lists commands the Session Manager runs during boot.
; NOTE(review): this rule, [session_execute], [WinSock2_Parameters] and
; [MPRServices] name CurrentControlSet, while most other rules use the
; "ControlSet???" pattern; presumably the numbered control sets are not
; covered for these four. Confirm that is intended.
[BootExecute]
key=HKLM\system\currentcontrolset\control\Session Manager
1=BootExecute

[VBA_Monitors]
key=HKLM\SOFTWARE\Microsoft\VBA\Monitors\*
1=CLSID

; SCRNSAVE.EXE names the screen-saver executable started on idle.
[SCRNSAVE]
key=*\Control Panel\Desktop
1=SCRNSAVE.EXE

[SharedTaskScheduler]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
1=*

[ShellExecuteHooks]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
1=*

[System_Scripts]
key=*\Software\Policies\Microsoft\Windows\System\Scripts\*
1=*

[Explorer_Run]
key=*\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
1=*

; recursive=1 presumably extends the rule to all subkeys below the match.
[WinSock2_Parameters]
key=HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\*
recursive=1
1=*

[Taskman]
key=*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
1=Taskman

; Same key as [Policies_System] in the System Security group, which covers
; every value; this rule singles out Shell for the startup group.
[Policies_Shell]
key=*\Software\Microsoft\Windows\CurrentVersion\Policies\System
1=Shell

[Shell Extensions]
key=HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
1=*

; AutoRun is a command cmd.exe executes each time it starts.
[Command_Processor_AutoRun]
key=*\Software\Microsoft\Command Processor
1=AutoRun

[Explorer_FileExts]
key=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
1=*

[MPRServices]
key=HKLM\System\CurrentControlSet\Control\MPRServices\*
1=DLLName

; "*Shell Folders" covers both "Shell Folders" and "User Shell Folders";
; these values give the locations of the Startup and Start Menu folders.
[Common Startup]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders
1=Common Startup
2=Startup
3=Start Menu
4=Common Start Menu

[GPExtensions]
key=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
recursive=1
1=*

[Environment_ComSpec]
key=HKLM\SYSTEM\ControlSet???\Control\Session Manager\Environment
1=ComSpec

[GinaDLL]
key=*\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
1=GinaDLL

[BootVerificationProgram]
key=HKLM\SYSTEM\ControlSet???\Control\BootVerificationProgram
1=ImagePath

[VirtualDeviceDrivers]
key=HKLM\SYSTEM\ControlSet???\Control\VirtualDeviceDrivers
1=VDD

; The SafeBoot rules cover what is allowed to load in Safe Mode.
[SafeBoot_AlternateShell]
key=HKLM\SYSTEM\ControlSet???\Control\SafeBoot
1=AlternateShell

[SafeBoot_Minimal]
key=HKLM\SYSTEM\ControlSet???\Control\SafeBoot\Minimal\*
1=ImagePath

[SafeBoot_Network]
key=HKLM\SYSTEM\ControlSet???\Control\SafeBoot\Network\*
1=ImagePath

[SafeBoot_Minimal_Parameters]
key=HKLM\SYSTEM\ControlSet???\Control\SafeBoot\Minimal\*\Parameters
1=ServiceDll

[Main_Run_CUser]
key=HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
1=load
2=run

[SafeBoot_Network_Parameters]
key=HKLM\SYSTEM\ControlSet???\Control\SafeBoot\Network\*\Parameters
1=ServiceDll

; A Debugger value under an image name makes Windows start that command in
; place of the named executable.
[ImageFileExecutionOptions]
key=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\*
1=Debugger

[ftp_open]
key=HKEY_CLASSES_ROOT\ftp\shell\open\command
1=*

[mailto_open]
key=*\SOFTWARE\Classes\mailto\shell\open\command
1=*

; NOTE(review): this is the only key= in the file with no hive name and no
; leading "*\". If the matcher requires a hive prefix, this rule never
; matches and the subsystem entry goes unmonitored. Confirm, and compare with
; the "HKLM\SYSTEM\ControlSet???\..." form used elsewhere.
[subsystems]
key=SYSTEM\CONTROLSET???\CONTROL\SESSION MANAGER\SUBSYSTEMS
1=windows

; Same key as [BootExecute]; covers the remaining execute lists.
[session_execute]
key=HKLM\system\currentcontrolset\control\Session Manager
1=SetupExecute
2=Execute

[IE_components]
key=*\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DESKTOP\COMPONENTS
recursive=1
1=*

[IE_extensions]
key=*\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS
recursive=1
1=*

[IE_pi_extensions]
key=*\SOFTWARE\MICROSOFT\INTERNET EXPLORER\PLUGINS\EXTENSION
recursive=1
1=location

; Shares index 72 with IE_pi_extensions in [System Startup]; see the note there.
[RDPWD]
key=*\SYSTEM\CONTROLSET???\CONTROL\TERMINAL SERVER\WDS\RDPWD
1=startupprograms

[terminal_serv_inst]
key=*\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TERMINAL SERVER\INSTALL
recursive=1
1=*

[distrib_units]
key=HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
recursive=1
1=*

[extensions]
key=*\Software\Microsoft\Windows NT\CurrentVersion\Extensions
1=*

; IniFileMapping redirects legacy win.ini / system.ini entries to the registry;
; load, run and shell are the legacy autostart entries.
[win_ini]
key=*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini
1=load
2=run
3=winlogon

[system_ini]
key=*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot
1=shell

; Protocol filters and handlers are listed twice, once under
; HKLM\SOFTWARE\Classes and once under HKCR.
[protocol_filter]
key=HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
recursive=1
1=*

[protocol_filter2]
key=HKCR\PROTOCOLS\Filter
recursive=1
1=*

[protocol_handler]
key=HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
recursive=1
1=*

[protocol_handler2]
key=HKCR\PROTOCOLS\Handler
recursive=1
1=*

[ColumnHandlers]
key=HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
recursive=1
1=*

[LangBarAddin]
key=HKLM\Software\Microsoft\Ctf\LangBarAddin
recursive=1
1=*

;============================
;(3) Internet Security
;============================
; Security-zone settings: the first three rules use the "*\" form, the
; Policies_* rules cover the HKLM policy copies of the same three keys.
[Internet Security]
1=TemplatePolicies
2=ZoneMap
3=Zones
4=Policies_TemplatePolicies
5=Policies_ZoneMap
6=Policies_Zones

[TemplatePolicies]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\*
1=*

; ZoneMap assigns sites to security zones.
[ZoneMap]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\*
1=*

[Zones]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\*
1=*

[Policies_TemplatePolicies]
key=HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\*
1=*

[Policies_ZoneMap]
key=HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\*
1=*

[Policies_Zones]
key=HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\*
1=*

;============================
;(4) Internet Explorer Settings
;============================
; Start page, search and URL-prefix settings, plus IE policy keys.
[Internet Explorer Settings]
1=DefaultPrefix
2=Prefixes
3=AboutURLs
4=Search
5=Main
6=URLSearchHooks
7=SearchURL
8=FeatureControl
9=SafeSites
10=Styles
11=ControlPanel
12=IE_Download
13=IE_Attachments
14=IE_Associations

[DefaultPrefix]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
1=*

[Prefixes]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
1=*

[AboutURLs]
key=*\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
1=*

[Search]
key=*\SOFTWARE\Microsoft\Internet Explorer\Search
1=SearchAssistant
2=CustomizeSearch

[Main]
key=*\SOFTWARE\Microsoft\Internet Explorer\Main
1=Default_Page_URL
2=Default_Search_URL
3=Search Page
4=Start Page
5=Search Bar
6=Secondary Start Pages
7=Window Title
8=Local Page

[URLSearchHooks]
key=*\Software\Microsoft\Internet Explorer\URLSearchHooks
1=*

[SearchURL]
key=HKCU\Software\Microsoft\Internet Explorer\SearchURL
1=*

[FeatureControl]
key=HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\*
1=*

[SafeSites]
key=HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites
1=*

[Styles]
key=*\Software\Microsoft\Internet Explorer\Styles
1=Use My Stylesheet
2=User Stylesheet

[ControlPanel]
key=*\Software\Policies\Microsoft\Internet Explorer\Control Panel
1=*

[IE_Download]
key=*\Software\Microsoft\Internet Explorer\Download
1=*

; NOTE(review): these two policy rules are HKCU-only; the file has no HKLM
; counterpart for Attachments or Associations. Confirm that is intended.
[IE_Attachments]
key=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
1=*

[IE_Associations]
key=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
1=*

;============================
;(5) Internet Explorer Plugins
;============================
; Code loaded into the browser: Browser Helper Objects, toolbars and
; context-menu extensions.
[Internet Explorer Plugins]
1=BHO
2=IEToolbar
3=MenuExt

[BHO]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\*
1=*

[IEToolbar]
key=*\SOFTWARE\Microsoft\Internet Explorer\Toolbar\*
1=*

[MenuExt]
key=*\SOFTWARE\Microsoft\Internet Explorer\MenuExt\*
1=*

;============================
;(6) System Security
;============================
; Settings whose change weakens the system's own protections (policy
; restrictions, file protection, driver signing, firewall policy).
[System Security]
1=Policies_Explorer
2=Policies_System
3=Memory Management
4=Winlogon
5=Driver Signing
6=Firewall Policy
7=Policies_Explorer2
8=Policies_Explorer3

[Policies_Explorer]
key=*\SOFTWARE\Microsoft\Windows\Currentversion\Policies\Explorer
1=*

[Policies_System]
key=*\Software\Microsoft\Windows\CurrentVersion\Policies\System
1=*

[Memory Management]
key=HKLM\SYSTEM\ControlSet???\Control\Session Manager\Memory Management
1=EnforceWriteProtection

; SFCDisable controls Windows File Protection.
[Winlogon]
key=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
1=SFCDisable

[Driver Signing]
key=*\Software\Microsoft\Driver Signing
1=Policy

; Windows Firewall profiles and their exception lists live under this key.
[Firewall Policy]
key=HKLM\SYSTEM\ControlSet???\Services\SharedAccess\Parameters\FirewallPolicy\*
1=*

[Policies_Explorer2]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
1=*

[Policies_Explorer3]
key=*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\*
1=*

;============================
;(7) System Services
;============================
; Indices 28-30 fill the gap left in [System Startup].
; ImagePath and ServiceDll name the binary a service or driver runs from.
[System Services]
28=Services_ImagePath
29=Services_Parameters
30=Services_VXD

[Services_ImagePath]
key=HKLM\System\ControlSet???\Services\*
1=ImagePath

[Services_Parameters]
key=HKLM\System\ControlSet???\Services\*\Parameters
1=ServiceDll

[Services_VXD]
key=HKLM\System\ControlSet???\Services\VXD\*
1=StaticVxD

;============================
;(8) Explorer Settings
;============================
; Context-menu handlers are shell extensions loaded into Explorer.
; In contextmenuhandlers1 the "*" after HKCR\ may be either the literal "*"
; (all files) class or a wildcard over every class, depending on the matcher.
[Explorer Settings]
1=contextmenuhandlers1
2=contextmenuhandlers2
3=contextmenuhandlers3
4=contextmenuhandlers4
5=contextmenuhandlers5

[contextmenuhandlers1]
key=HKCR\*\shellex\contextmenuhandlers\*
1=*

[contextmenuhandlers2]
key=HKCR\AllFileSystemObjects\shellex\contextmenuhandlers\*
1=*

[contextmenuhandlers3]
key=HKCR\Folder\shellex\contextmenuhandlers\*
1=*

[contextmenuhandlers4]
key=HKCR\Directory\shellex\contextmenuhandlers\*
1=*

[contextmenuhandlers5]
key=HKCR\Directory\Background\shellex\ContextMenuHandlers\*
1=*

;============================
;(9) Kaspersky Settings
;============================
; Self-protection rules: registry keys belonging to the security product's own
; browser plug-ins and installer registrations.
[Kaspersky Settings]
1=KAV_IE_PLUGIN1
2=KAV_IE_PLUGIN2
3=KAV_Installation1
4=KAV_Installation2
5=KAV_Installation3
6=KAV_Installation4
7=KAV_Installation5
8=KAV_AppCompatFlags

[KAV_IE_PLUGIN1]
key=HKCR\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}
recursive=1
1=*

[KAV_IE_PLUGIN2]
key=HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
recursive=1
1=*

; NOTE(review): the five KAV_Installation rules use index -1 instead of 1.
; The meaning of a negative index is not visible in this file (possibly a
; different rule action); confirm against the consumer before copying the
; pattern elsewhere.
[KAV_Installation1]
key=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F45DCD0D928C5A14FA23176E23BBE0C2
recursive=1
-1=*

[KAV_Installation2]
key=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9293915725A94AC489EDC82769499002
recursive=1
-1=*

[KAV_Installation3]
key=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DA689B978D458944AA6098088892CA0C
recursive=1
-1=*

[KAV_Installation4]
key=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\106BB9B49E3124043ACB7E59B54F9AF8
recursive=1
-1=*

[KAV_Installation5]
key=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D014477C9FE37ED4CA1033623161E3FC
recursive=1
-1=*

; Covers values whose name ends in "avp.exe"; presumably this guards against
; compatibility layers being applied to the product's own executable.
; This rule is HKCU-only; the machine-wide Layers key is not listed.
[KAV_AppCompatFlags]
key=HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
1=*avp.exe

; The next line is kept byte-for-byte. It appears to be an integrity signature
; over the file contents (assumption); do not edit or re-encode it.
; 0XLSznpdI71fB300e7Uwj1BKTMCKuNtLmknJCs2MecOSmU4lZYmjlqF8w+ญญ