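Today, when I opened an HTML file saved locally, it wasn't good old IE that popped up but KMPlayer. I opened the registry and went to HKEY_CLASSES_ROOT\htmlfile\shell, but found nothing suspicious there. Puzzled, I thought of using Regmon to watch what happens in the registry when an HTML file is opened, and found the following: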
140 0.75233209 Explorer.EXE:1980 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\Progid NOT FOUND
141 0.75235301 Explorer.EXE:1980 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html SUCCESS
142 0.75238907 Explorer.EXE:1980 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html SUCCESS Access: 0x2000000
143 0.75240177 Explorer.EXE:1980 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\Application SUCCESS "KMPlayer.exe"
144 0.75241578 Explorer.EXE:1980 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html SUCCESS
145 0.75244093 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
146 0.75246555 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\Applications\KMPlayer.exe NOT FOUND
147 0.75249463 Explorer.EXE:1980 OpenKey HKCR\Applications\KMPlayer.exe SUCCESS Access: 0x2000000
148 0.75255328 Explorer.EXE:1980 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html SUCCESS Access: 0x2000000
149 0.75256503 Explorer.EXE:1980 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\Progid NOT FOUND
150 0.75257844 Explorer.EXE:1980 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html SUCCESS
151 0.75261337 Explorer.EXE:1980 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html SUCCESS Access: 0x2000000
152 0.75262529 Explorer.EXE:1980 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\Application SUCCESS "KMPlayer.exe"
153 0.75263846 Explorer.EXE:1980 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html SUCCESS
154 0.75265682 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
155 0.75267708 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\Applications\KMPlayer.exe NOT FOUND
156 0.75270176 Explorer.EXE:1980 OpenKey HKCR\Applications\KMPlayer.exe SUCCESS Access: 0x2000000
157 0.75272655 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
158 0.75275564 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\.html SUCCESS Access: 0x2000000
159 0.75276905 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\.html SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\.html
160 0.75280172 Explorer.EXE:1980 OpenKey HKCR\.html SUCCESS Access: 0x2000000
161 0.75281340 Explorer.EXE:1980 QueryValue HKCU\Software\Classes\.html\(Default) SUCCESS "htmlfile"
162 0.75282538 Explorer.EXE:1980 CloseKey HKCR\.html SUCCESS
163 0.75284278 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
164 0.75287104 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\htmlfile SUCCESS Access: 0x2000000
165 0.75288415 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\htmlfile SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\htmlfile
166 0.75290197 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\htmlfile\CurVer NOT FOUND
167 0.75291759 Explorer.EXE:1980 OpenKey HKCR\htmlfile\CurVer NOT FOUND
168 0.75293112 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\htmlfile SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\htmlfile
169 0.75295597 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\htmlfile SUCCESS Access: 0x2000000
170 0.75296950 Explorer.EXE:1980 CloseKey HKCU\Software\Classes\htmlfile SUCCESS
171 0.75298595 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\htmlfile SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\htmlfile
172 0.75300515 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\htmlfile\ShellEx\DataHandler NOT FOUND
173 0.75302160 Explorer.EXE:1980 OpenKey HKCR\htmlfile\ShellEx\DataHandler NOT FOUND
174 0.75303429 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\.html SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\.html
175 0.75305212 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\.html\ShellEx\DataHandler NOT FOUND
176 0.75306773 Explorer.EXE:1980 OpenKey HKCR\.html\ShellEx\DataHandler NOT FOUND
177 0.75308502 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
178 0.75310570 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\SystemFileAssociations\.html NOT FOUND
179 0.75312179 Explorer.EXE:1980 OpenKey HKCR\SystemFileAssociations\.html NOT FOUND
180 0.75314659 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
181 0.75317353 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\.html SUCCESS Access: 0x1
182 0.75318551 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\.html SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\.html
183 0.75321037 Explorer.EXE:1980 OpenKey HKCR\.html SUCCESS Access: 0x2000000
184 0.75322068 Explorer.EXE:1980 QueryValue HKCU\Software\Classes\.html\PerceivedType NOT FOUND
185 0.75323075 Explorer.EXE:1980 QueryValue HKCR\.html\PerceivedType SUCCESS "text"
186 0.75324255 Explorer.EXE:1980 CloseKey HKCR\.html SUCCESS
187 0.75325722 Explorer.EXE:1980 CloseKey HKCU\Software\Classes\.html SUCCESS
188 0.75327432 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
189 0.75329536 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\SystemFileAssociations\text NOT FOUND
190 0.75331974 Explorer.EXE:1980 OpenKey HKCR\SystemFileAssociations\text SUCCESS Access: 0x2000000
191 0.75334007 Explorer.EXE:1980 QueryKey HKCR\SystemFileAssociations\text SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\text
192 0.75337046 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\SystemFileAssociations\text\ShellEx\DataHandler NOT FOUND
193 0.75338864 Explorer.EXE:1980 OpenKey HKCR\SystemFileAssociations\text\ShellEx\DataHandler NOT FOUND
194 0.75340533 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
195 0.75342816 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\* NOT FOUND
196 0.75345135 Explorer.EXE:1980 OpenKey HKCR\* SUCCESS Access: 0x2000000
197 0.75346321 Explorer.EXE:1980 QueryKey HKCR\* SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\*
198 0.75348896 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\*\ShellEx\DataHandler NOT FOUND
199 0.75350583 Explorer.EXE:1980 OpenKey HKCR\*\ShellEx\DataHandler NOT FOUND
200 0.75352144 Explorer.EXE:1980 CloseKey HKCR\Applications\KMPlayer.exe SUCCESS
201 0.75353652 Explorer.EXE:1980 CloseKey HKCU\Software\Classes\.html SUCCESS
202 0.75355095 Explorer.EXE:1980 CloseKey HKCU\Software\Classes\htmlfile SUCCESS
203 0.75356591 Explorer.EXE:1980 CloseKey HKCR\SystemFileAssociations\text SUCCESS
204 0.75357980 Explorer.EXE:1980 CloseKey HKCR\* SUCCESS
205 0.75360817 Explorer.EXE:1980 QueryKey HKCR\Applications\KMPlayer.exe SUCCESS Name: \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\KMPlayer.exe
206 0.75363427 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\Applications\KMPlayer.exe NOT FOUND
207 0.75365794 Explorer.EXE:1980 OpenKey HKCR\Applications\KMPlayer.exe SUCCESS Access: 0x2000000
208 0.75367510 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
209 0.75370270 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\.html SUCCESS Access: 0x2000000
210 0.75371510 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\.html SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\.html
211 0.75373983 Explorer.EXE:1980 OpenKey HKCR\.html SUCCESS Access: 0x2000000
212 0.75375080 Explorer.EXE:1980 QueryValue HKCU\Software\Classes\.html\(Default) SUCCESS "htmlfile"
213 0.75376314 Explorer.EXE:1980 CloseKey HKCR\.html SUCCESS
214 0.75377971 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
215 0.75380719 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\htmlfile SUCCESS Access: 0x2000000
216 0.75382030 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\htmlfile SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\htmlfile
217 0.75383788 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\htmlfile\CurVer NOT FOUND
218 0.75385302 Explorer.EXE:1980 OpenKey HKCR\htmlfile\CurVer NOT FOUND
219 0.75386608 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\htmlfile SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\htmlfile
220 0.75388980 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\htmlfile SUCCESS Access: 0x2000000
221 0.75390285 Explorer.EXE:1980 CloseKey HKCU\Software\Classes\htmlfile SUCCESS
222 0.75391811 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\htmlfile SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\htmlfile
223 0.75394166 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\htmlfile SUCCESS Access: 0x2000000
224 0.75395828 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
225 0.75397867 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\SystemFileAssociations\.html NOT FOUND
226 0.75399482 Explorer.EXE:1980 OpenKey HKCR\SystemFileAssociations\.html NOT FOUND
227 0.75401634 Explorer.EXE:1980 QueryKey HKCU\Software\Classes SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES
228 0.75404233 Explorer.EXE:1980 OpenKey HKCU\Software\Classes\.html SUCCESS Access: 0x1
229 0.75405425 Explorer.EXE:1980 QueryKey HKCU\Software\Classes\.html SUCCESS Name: \REGISTRY\USER\S-1-5-21-1614895754-1343024091-682003330-500_CLASSES\.html
230 0.75407803 Explorer.EXE:1980 OpenKey HKCR\.html SUCCESS Access: 0x2000000
231 0.75408816 Explorer.EXE:1980 QueryValue HKCU\Software\Classes\.html\PerceivedType NOT FOUND
232 0.75410205 Explorer.EXE:1980 QueryValue HKCR\.html\PerceivedType SUCCESS "text"
233 0.75411600 Explorer.EXE:1980 CloseKey HKCR\.html SUCCESS
234 0.75413078 Explorer.EXE:1980 CloseKey HKCU\Software\Classes\.html SUCCESS
After deleting the registry entries marked in red, everything went back to normal.
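A Regmon trace like the one above can be triaged automatically. The following is an added example, not part of the original post: it parses trace lines and reports every per-user FileExts value that Explorer read successfully, next to the class the extension maps to. The function names are hypothetical, and the sample lines are excerpted from the trace in the post.

```python
import re

# Five lines excerpted from the trace in the post (forum-inserted spaces removed).
SAMPLE_TRACE = r'''
140 0.75233209 Explorer.EXE:1980 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\Progid NOT FOUND
143 0.75240177 Explorer.EXE:1980 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\Application SUCCESS "KMPlayer.exe"
147 0.75249463 Explorer.EXE:1980 OpenKey HKCR\Applications\KMPlayer.exe SUCCESS Access: 0x2000000
161 0.75281340 Explorer.EXE:1980 QueryValue HKCU\Software\Classes\.html\(Default) SUCCESS "htmlfile"
185 0.75323075 Explorer.EXE:1980 QueryValue HKCR\.html\PerceivedType SUCCESS "text"
'''

# Regmon columns: sequence, time, process:pid, operation, path, result, other data.
LINE = re.compile(r'^(\d+)\s+([\d.]+)\s+(\S+):(\d+)\s+(\w+)\s+(.+?)\s+'
                  r'(SUCCESS|NOT FOUND)(?:\s+(.*))?$')
# Per-user "open with" choice for an extension.
FILEEXTS = re.compile(r'\\Explorer\\FileExts\\(\.[^\\]+)\\(Application|Progid)$', re.I)
# Default value of the extension key, which names the file class (e.g. htmlfile).
CLASS_DEFAULT = re.compile(r'^(?:HKCR|HKCU\\Software\\Classes)\\(\.[^\\]+)\\\(Default\)$', re.I)

def parse(trace):
    """Yield (operation, path, result, data) for each well-formed trace line."""
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group(5), m.group(6), m.group(7), (m.group(8) or '').strip('"')

def find_overrides(trace):
    """List (ext, value_name, handler, class_progid) for each per-user
    FileExts value that was read successfully."""
    overrides, classes = {}, {}
    for op, path, result, data in parse(trace):
        if op != 'QueryValue' or result != 'SUCCESS':
            continue
        m = FILEEXTS.search(path)
        if m:
            overrides[(m.group(1).lower(), m.group(2))] = data
            continue
        m = CLASS_DEFAULT.match(path)
        if m:
            classes[m.group(1).lower()] = data
    return [(ext, name, handler, classes.get(ext))
            for (ext, name), handler in sorted(overrides.items())]

if __name__ == '__main__':
    for ext, name, handler, progid in find_overrides(SAMPLE_TRACE):
        print(f'{ext}: FileExts\\{name} = {handler!r}, class is {progid!r}')
```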