“Kadang suka bingung, nanti habis menikah bagaimana yah ?
Takut gak bisa kasih makan ,
Takut gak bisa menjadi pemimpin yang baik,
Bagaimana bisnis aku sehabis menikah,
Padahal uang simpanan dan tabungan aku udah hampir abis, dan aku perkirakan bakalan habis ketika menikah ,
jadi bagaimana dong?
Ditengah kebutuhan yang begitu banyak, aku memberanikan diri mengikuti acara yang terbilang cukup mahal untuk di hadiri selama 2 hari. di jakarta pula.
Tapi aku pikir acara ini insyallah bermanfaat ..
Mudah-mudahan Allah SWT memberikan dan mengkaruniakan ilmu kepada aku lewat acara ini..
dan dapat digunakan untuk melanjutkan kehidupan di dunia ini.
Mudah-mudahan bisa terbayar berlipat-lipat ongkos acara ini, bela-belain bayar sebegini mahal buat acara itu, padahal kebutuhan pernikahan masih banyak ..
Mudah-mudahan Allah SWT meridhoi langkah aku..
Mudah-mudahan dikaruniakan Rezeki yang melimpah dan berkah serta halal an toyyibah..
Mudah-mudahan bisa menjadi keluarga yang sakinah mawadah warahmah ..
Mudah-mudahan bisnis aku jadi lancar, bisnis online nya jg lancar, bisnis properti nya jg bisa maju..Amin ya Allah Amin..

2) BLOWING TOO HARD IN HER EAR.
Admit it, some kid at school told you girls love this. Well, there’s a
difference between being erotic and blowing as if you’re trying to
extinguish
the candles on your 50th birthday cake. That hurts.

3) NOT SHAVING.
You often forget you have a porcupine strapped to your chin which you
rake
repeatedly across your partner’s face and thighs. When she turns her head
from side to side, it’s not passion, it’s avoidance.

4) SQUEEZING HER BREAST.
Most men act like a housewife testing a melon for ripeness when they
get
their hand on a pair. Stroke, caress, and smooth them.

5) BITING HER NIPPLES.
Why do men fasten onto a woman’s nipples, then clamp down like they’re
trying to deflate her body via her breasts? Nipples are highly sensitive.
They can’t stand up to chewing. Lick and suck them gently. Flicking your
tongue across them is good. Pretending they’re a doggie toy isn’t.

6) TWIDDLING HER NIPPLES.
Stop doing that thing where you twiddle the nipples between finger and
thumb like you’re trying to find a radio station in a hilly area. Focus on
the whole breasts, not just the exclamation points.

7) IGNORING THE OTHER PARTS OF HER BODY.
A woman is not a highway with just three turnoffs: Breastville East and
West, and the Midtown Tunnel. There are vast areas of her body which you’ve
ignored far too often as you go bombing straight into downtown Vagina.  So
start paying them some attention.

GETTING THE HAND TRAPPED.
Poor manual dexterity in the underskirt region can result in tangled
fingers and underpants.  If you’re going to be that aggressive, just ask
her
to take the damn things off.

9) LEAVING HER A LITTLE PRESENT.
Condom disposal is the man’s responsibility. You wore it, you store it.

10) ATTACKING THE CLITORIS.
Direct pressure is very unpleasant, so gently rotate your fingers along

side of the clitoris.

11) STOPPING FOR A BREAK.
Women, unlike men, don’t pick up where they left off. If you stop, they

plummet back to square one very fast. If you can tell she’s not there, keep

going at all costs, numb jaw or not.

12) UNDRESSING HER AWKWARDLY.
Women hate looking stupid, but stupid she will look when naked at the
waist with a sweater stuck over her head. Unwrap her like an elegant
present,
not a kid’s toy.

13) GIVING HER A WEDGIE DURING FOREPLAY.
Stroking her gently through her panties can be very sexy. Pulling the
material up between her thighs and yanking it back and forth is not.

14) BEING OBSESSED WITH THE VAGINA.
Although most men can find the clitoris without maps, they still
believe
that the vagina is where it’s all at. No sooner is your hand down there
than
you’re trying to stuff stolen banknotes up a chimney.  This is okay in
principle, but if you’re not careful, it can hurt – so don’t get carried
away. It’s best to pay more attention to her clitoris and the exterior of
her
vagina at first, then gently slip a finger inside her
and see if she likes it.

15) MASSAGING TOO ROUGHLY.
You’re attempting to give her a sensual, relaxing massage to get her in
the mood. Hands and fingertips are okay; elbows and knees are not.

16) UNDRESSING PREMATURELY.
Don’t force the issue by stripping before she’s at least made some move
toward getting your stuff off, even if it’s just undoing a couple of
buttons.

17) TAKING YOUR PANTS OFF FIRST.
A man in socks and underpants is at his worst.  Lose the socks first.

18) GOING TOO FAST.
When you get to the penis-in-vagina situation, the worst thing you can
do
is pump away like an industrial power tool – she’ll soon feel like an
assembly line worker made obsolete by your technology.  Build up slowly,
with
clean, straight, regular thrusts.

19) GOING TOO HARD.
If you bash your great triangular hip bones into her thigh or stomach,
the pain is equal to two weeks of horseback riding concentrated into a few
seconds.

20) COMING TOO SOON.
Every man’s fear. With reason. If you shoot before you see the whites
of
her eyes, make sure you have a backup plan to ensure her pleasure too.

21) NOT COMING SOON ENOUGH.
It may appear to you that humping for an hour without climaxing is the
mark of a sex god, but to her it’s more likely the mark of a numb vagina.
At
least buy some intriguing wall hangings, so she has something to hold her
interest while you’re playing Marathon Man.

22) ASKING IF SHE HAS COME.
You really ought to be able to tell. Most women make noise. But if you
really don’t know, don’t ask

23) PERFORMING ORAL SEX TOO GENTLY.
Don’t act like a giant cat at a saucer of milk. Get your whole mouth
down
there, and concentrate on gently rotating or flicking your tongue on her
clitoris.

24) NUDGING HER HEAD DOWN.
Men persist in doing this until she’s eyeball-to-penis, hoping that it
will lead very swiftly to mouth-to-penis. All women hate this. It’s about
three steps from being dragged to a cave by their hair. If you want her to
use her mouth, use yours; try talking seductively to her.

25) NOT WARNING HER BEFORE YOU CLIMAX.
Sperm tastes like sea water mixed with egg white.  Not everybody likes
it.
When she’s performing oral sex, warn her before you come so she can do
what’s
necessary.

26) MOVING AROUND DURING FELLATIO.
Don’t thrust. She’ll do all the moving during fellatio. You just lie
there. And don’t grab her head.

27) TAKING ETIQUETTE ADVICE FROM PORN MOVIES.
In X-rated movies, women seem to love it when men ejaculate over
them.
In real life, it just means more laundry to do.

28) MAKING HER RIDE ON TOP FOR AGES.
Asking her to be on top is fine. Lying there grunting while she does
all
the hard work is not. Caress her gently, so that she doesn’t feel quite so
much like the captain of a schooner. And let her have a rest.

29) ATTEMPTING ANAL SEX AND PRETENDING IT WAS AN ACCIDENT.
This is how men earn a reputation for not being able to follow
directions.
If you want to put it there, ask her first. And don’t think that being
drunk
is an excuse.

30) TAKING PICTURES.
When a man says, “Can I take a photo of you?” she’ll hear the
words”__to
show my buddies.” At least let her have custody of them.

31) NOT BEING IMAGINATIVE ENOUGH.
Imagination is anything from drawing patterns on her back to pouring
honey
on her and licking it off. Fruit, vegetables, ice and feathers are all
handy
props; hot candle wax and permanent dye are a no no.

32) SLAPPING YOUR STOMACH AGAINST HERS.
There is no less erotic noise. It’s as sexy as a belching contest.

33) ARRANGING HER IN STUPID POSES.
If she wants to do advanced yoga in bed, fine, but unless she’s a
Romanian
gymnast, don’t get too ambitious. Ask yourself if you want a sexual partner
with snapped hamstrings.

34) LOOKING FOR HER PROSTATE.
Read this carefully: Anal stimulation feels good for men because they
have
a prostate. Women don’t.

35) GIVING LOVE BITES.
It is highly erotic to exert some gentle suction on the sides of the
neck,
if you do it carefully. No woman wants to have to wear turtlenecks and
jaunty
scarves for weeks on end.

36) BARKING INSTRUCTIONS.
Don’t shout encouragement like a coach with a megaphone. It’s not a big
turn-on.

37) TALKING DIRTY.
It makes you sound like a lonely magazine editor calling a 1-900line.
If
she likes nasty talk, she’ll let you know

38) NOT CARING WHETHER SHE COMES.
You have to finish the job. Keep on trying until you get it right, and
she
might even do the same for you.

39) SQUASHING HER.
Men generally weigh more than women, so if you lie on her a bit too
heavily, she will turn blue.

40) THANKING HER.
Never thank a woman for having sex with you. Your bedroom is not a
soup kitchen.

§ NoFolderOptions = 1

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansavgd.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avguard.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avscan.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ClamWinPortable.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-SE.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\\debugger

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ViRemoval.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winamp.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winrar.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winzip.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antv-md5-pattern.exe

§ Debugger = “”

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN

§ CheckedValue = 2

§ DefaultValue = 2

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

§ CheckedValue = 1

§ DefaultValue = 1

- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

o NoClose

o NoFInd

o NoFolderOptions

o NoRun

o NoTrayContextMenu

o NoViewContextMenu

o NoWinLeys

- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

o DisableRegistryTools

- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System

o DisableCMD

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

o DisableMSI

o NoClose

o NoFolderOptions

o NoViewContextMenu

o NoWinKeys

- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command

o Default = cmd.exe /c del “%1″

- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile

o NeverShowExt [menyembunyikan ext. exe]

- HKEY_CLASSES_ROOT\exefile

o NeverShowExt [menyembunyikan ext. exe]

Untuk menyamarkan tipe file ia membuat string registry :

o HKCR\exefile

(default) ===> icon

Nevershowext ===>

o HKLM\SOFTWARE\Classes\exefile

(default) ===> icon

Nevershowext ===>

Seperti kita ketahui virus ini tidak memblok fungsi windows seperti folder options, tetapi akan mencoba melakukan perubahan terhadap setting folder options. Untuk itu ia akan membuat string registry (lihat gambar 4) :

o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\

ShowSuperHidden ===> 0

o HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden

CheckedValue ===> 1

DefaultValue ===> 1

Sebagai penunjang, ia akan membuat string registry pada :

o HKLM\SOFTWARE\Microsoft\Windows|CurrentVersion\Run

def ===> C:\WINDOWS\Temp\Vel.exe

SysRestore ===> c:\windows\system32\restoration.msd

o HKCU\Control Panel\Desktop

SCRNSAVE.exe ===> C:\WINDOWS\Temp\%fileduplikat%.exe

Aktif pada Safe Mode & Safe Mode with Command Prompt

Selain aktif pada mode “normal”, virus ini pun aktif pada mode “safe mode” dan “safe mode with command prompt”. Untuk itu ia membuat string registry pada :

o HKLM\SYSTEM\ControlSet001\Control\SafeBoot

AlternateShell ===> c:\windows\system32\CommandPrompt.Sysm

o HKLM\SYSTEM\ControlSet002\Control\SafeBoot

AlternateShell ===> c:\windows\system32\CommandPrompt.Sysm

o HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

AlternateShell ===> c:\windows\system32\CommandPrompt.Sysm

Mengganti Task Manager, Regedit dan Solitaire dengan game FreeCel

Untuk menjaga eksistensinya, VBWorm.NUJ akan mencoba untuk blok beberapa fungsi Windows seperti Folder Option/regedit/maupun Task Manager dengan menggantinya dengan program game seperti yang pernah dilakukan oleh varian FaceCool, untuk melakukan hal tersebut VBWorm.NUJ akan mencoba untuk membuat string pada registry berikut :

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

- debugger = C:\WINDOWS\system32\freecell.exe

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe

- debugger = C:\WINDOWS\system32\sol.exe

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

- debuger = C:\WINDOWS\system32\spider.exe

• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer

- DisableMSI =1

- LimitSystemRestoreCheckpointing = 1

• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore

- DisableConfig

- DisableSR

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore

- DisableCOnfig = 1

- DisableSR = 1

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- NoFolderOptions

- NORun

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

- DisableRegistryTools

- DisableTaskMgr

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

- NoFolderOption

- NoRun

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

- DisableRegistryTools

- DisabletaskMgr

· HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

- Hidden = 0

- HideFileExt = 1

- ShowSuperHidden = 0

· HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN

- text = @shell32.dll,-30501

· HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

- text = @shell32.dll,-30500 esan dari pembuat virus

Salah satu aksi yang aka dilakukan oleh VBWorm.NUJ adalah akan menampilkan sebuah kendela Internet Explorer setiap kali komputer dinyalakan dengan menjalankan file C:\Message From Indonesia.htm yang diiringingi dengan lagu kebangsaan Indonesia Raya.

Berikut petikan pesan yang akan ditampilkan dari Internet Explorer

Untuk melakukan hal ini, VBWorm.NUJ akan mencoba untuk membuat string pada registry berikut:

· HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

o Start Page = C:\Message From Indonesia.htm

VBWorm.NUJ juga akan mencoba untuk merubah nama perusahaan dan nama pemilik Windows dengan membuat string pada registry berikut:

· HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor

o ProcessorNameString = Core 2 Duo Extreme

· HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

o RegisteredOrganization = Paraysutki #VM Community

o RegisteredOwner = W32.Moontox.Bro [B-2]

o ProductId = Hacker@Cracker@Indonesia

File Exe berubah menjadi File Folder

Untuk melakukan hal tersebut, VBWorm.NUJ akan membuat string pada registry berikut:

· HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile

- Default = file folder

- InfoTip = file folder

- NeverShowExt

- TileInfo = file folder

· HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon

- Default = %SystemRoot%\System32\shell32.dll,4

· HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory

- AlwaysShowExt = FIle Folder

- InfoTip = File Folder

- NeverShowExt = File Folder

VBWorm.NUJ juga akan membut string pada registry berikut:

· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer

- Description = !!! Sory ya Ngk boleh buka Aplication Microsoft (.msi) Kecuali buka Executable (.exe) !!!

- imagePath = Go To Vagina

- ObjectPath = Dasar Buaya Darat

- DisplayName = WIndows Installer

- start = 4

- type = 4

· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc

- description = !!! Maaf yee Fitur Security Center gue Non aktifkan dulu…biar aman !!!

- imagepath= Go To Mak Erot

- objectpath = LocalMoontox

- DisplayName =Security Center

- start = 4

- type = 4

· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter

- description = !!! Hi..hi..hi biar ngak ketauan gue non aktif aja fitur ini (:-p) wee !!!

- imagepath = Mulutmu Harimaumu

- objectpath = Mulutmu Harimaumu

- DisplayName = Alerter

- DependOnService = LanmanWorkstation

- start = 4

- type = 4

· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry

- Start = 4

- Type = 4

· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ansavgd

- Description = !!! ANSAV kga Mempan sama Moontox Bro (>_<)

- Imagepath = Go To Mak Erot

- ObjectName = !!! Kasian Dech lo, Cape dech !!!

- start = 4

- type = 4

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice

- Description = !!! Tak akan kubiarkan kau mengembalikan keadaan !!!

- Display name = System Restore Service

- imagepath = %SystemRoot%\System32\svchost.exe -k netsvcs (ok)

- start = 4

- stop = 4

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\Parameters

- ServiceDll = C:\WINDOWS\service.exe

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

- EnableRemoteConnect = N

Logoff jika akses Regedit / VBS file

Dalam rangka melindungi dirinya dari pembasmian, virus ini menambahkan blok akses file INF/VBS dan Registry file sehingga jika user menjalankan file yang mempunyai ekstensi tersebut maka komputer akan langsung logoff. Untuk melakukan hal tersebut ia akan membuat string pada registry berikut:

· HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command

§ Default = logoff.exe

· HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\Shell\Install\Command

§ Default = logoff.exe

· HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\Shell\open\Command

§ Default = logoff.exe

· HKCR\inffile\shell\Install\command

§ Default = logoff.exe

· HKCR\regfile\shell\open\command

§ Default = logoff.exe

· HKCR\VBSFile\Shell\Edit\Command

§ Default = logoff.exe

Ø HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon

· Userinit = C:\windows\system32\userinit.exe, c:\documents and settings\localservice\local settings\spoolsv.exe

· Shell = explorer.exe C:\documents and settings\localservice\local settings\svchost.exe

· System = C:\Documents and Settings\LocalService\Local Settings\mencerdaskan_Bangsa.exe

Ø HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

· Load = c:\documents and settings\%user%\local settings\application data\csrss.exe

Ø HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AEDebug

· Debugger = C:\Documents and Settings\LocalService\Local Settings\Application Data\lsass.exe

Ø HKEY_CURRENT_USER\Software\Microsoft\Command Processor

· Autorun

[Version]

Signature=”$Chicago$”

Provider=Vaksincom Oye

[DefaultInstall]

AddReg=UnhookRegKey

DelReg=del

[UnhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”

HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”

HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”

HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”

HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”

HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”

HKLM< SOFTWARE\Classes\lnkfile\shell\open\command,,,”"”%1″” %*”

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”

HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”

HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,UncheckedValue,0×00010001,1

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN, CheckedValue,0×00010001,2

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN, DefaultValue,0×00010001,2

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue,0×00010001,1

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue,0×00010001,1

[del]

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistriTools

HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions

HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistriTools

HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Msconfig.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistriEditor.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, winsystem

HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microfost

HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, sysedit

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansavgd.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avguard.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avscan.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ClamWinPortable.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-SE.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe, debugger

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ViRemoval.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winamp.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winrar.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winzip.exe

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antv-md5-pattern.exe

im oWSH: Set oWSH = CreateObject(“WScript.Shell”)

on error resume Next

oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\”,”"”%1″” %*”

oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\”,”"”%1″” %*”

oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\”,”"”%1″” %*”

oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\”,”"”%1″” %*”

oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\scrfile\shell\open\command\”,”"”%1″” /S”

oWSH.Regwrite “HKEY_LOCAL_MACHINE\Software\CLASSES\regfile\shell\open\command\”,”regedit.exe %1″

oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell”,”cmd.exe”

oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell”,”cmd.exe”

oWSH.Regwrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\AlternateShell”,”cmd.exe”

oWSH.Regwrite

“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell”,”cmd.exe”oWSH.Regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell”,”Explorer.exe”

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Word”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Printer Cpl”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableMSI”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\LimitSystemRestoreCheckpointing”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinLeys”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCLose”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Nofind”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableMSI”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinLeys”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOLogoff”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”)

oWSH.RegDelete(“HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogoff”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispApprearancePage”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCpl”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispSettingsPage”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\

System\NoScrSavPage”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt”)

oWSH.RegDelete(“HKEY_CLASSES_ROOT\exefile\NeverShowExt”)

oWSH.RegDelete(“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”)

oWSH.RegDelete(“HKEY_CURRENT_USER\Software\policies\Microsoft\system\DisableCMD”)

1. Klik menu [START],
2. Klik [Run]
3. Ketik GPEDIT.MSC pada kolom “RUN”
4. Pilih Administrative Templates pada menu Computer Configuration.
5. Klik pada View kemudian pilih Filtering
6. Klik un-select pada check-box untuk mematikan pilihan “Only show policy settings that can be fully managed” dan kemudian klik OK
7. Klik kanan pada menu Administrative Template, pilih Add/Remove Template
8. Pastikan bahwa file write_protect_removable_drives.adm ada di direktori C:\Window\INF. Kalau belum ada bisa di download di http://www.petri.co.il/software/usb_write_protect_adm.zip
9. Setelah selesai di download, un-pack file tersebut kemudian jalankan file batch-nya. Sehingga file write_protect_removable_drives.adm tercopy di direktori C:\Windows\INF
10. Kemudian Anda klik tombol ADD, pilih file write_protect_removable_drives.adm. Klik tombol OPEN
11. Kalau berhasil pada Add/Remove Templates akan nampak file write_protect_removable_drives.adm tersebut. Klik tombol CLOSE untuk mengakhiri sesi tersebut.
12. Setelah ditutup, maka akan terlihat sebuah menu baru dengan nama “Custom Policy Settings” dengan sub menu “Write Protection” dengan status “disable”
13. Klik 2 (dua) kali pada Write Protect USB Removable Drives. Akan nampak Write Protect USB Removable Drives Properties. Pada tab Setting pilih ENABLED dan statusnya Anda rubah menjadi ON. Klik Apply, dan untuk mengakhiri klik OK
14. Kalau berhasil, maka Statenya berubah menjadi Enable (lihat gambar 9).Untuk mengakhiri klik File, kemudian Exit.
15. Untuk merubah menjadi DISABLE, Anda ikuti langkah no. 12 dan 13 pada tab Setting pilih DISABLE dan statusnya Anda rubah menjadi OFF.

Ada cara lain untuk memproteksi penulisan pada Flash disk dengan menggunakan REGEDIT sebagai berikut :

i. Jalankan Regedit.exe, kemudian masuk ke :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\StorageDevicePolicies

buat sebuah value (DWORD)

WriteProtect dan beri nilai 1

ii. Kemudian tutup Registry Editor, Anda tidak perlu merestart computer untuk menjalankan fungsi tersebut. Untuk men-disable-kan fungsi di atas, ganti Value data-nya menjadi 0. File-file registri untuk masalah tersebut bisa Anda download di http://www.petri.co.il/software/usb_write_protect.zip. Pilih salah satu file REG-nya Disable atau Enable.

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

- microfost = C:\windows\system32\hanny.exe

- sysedit = C:\windows\iexplorer.exe

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

- winsystem = c:\windows\system32\aniee.exe

• • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

- Printer Cpl = C:\WINDOWS\SPOOL32.EXE

• • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

- Microsoft Word = C:\WINDOWS\system32\WINWORD.EXE

o HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4LLI

o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\ CurrentControlSet\Services\4LLI

o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\ CurrentControlSet\Services\4LLI

o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ CurrentControlSet\Services\4LLI

o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

§ windowsapp = C:\WINDOWS\windowsapp.exe

Security Task Manager
CurrProcess http://www.nirsoft.net/utils/cprocess.html

• C:\Windows\system32\hanny.exe
• C:\windows\system23\aniee.exe
• C:\autoexec.bat
• S:\tunggul.vbs
• C:\aniee.txt
• C:\windows\iexplorer.exe (Gultung.A)
• C:\Documents and Settings\%user login%
  • [System Process]BabII.doc .exe
  • [System Process]Fileku.doc .exe
  • [System Process]Jangan di buka .doc.exe
  • [System Process]Tolong.doc .exe
  • [System Process]Data.doc .exe
  • [System Process]Desposisi.doc .exe
  • [System Process]Empat Mata.doc .exe
  • [System Process]Benci.doc .exe

C:\Documents and Settings\%user%\Local Settings\Temp\Ngsys

Before you begin, gather your Windows and application CD-ROMs. Back up your data files (just to be safe), and then clear two days off your calendar. If everything goes smoothly, you can reinstall Windows in a few hours. But you have to assume something will go wrong: You may not be able to find a necessary CD, or data won’t be where you thought it was, or something will simply refuse to work.

There’s a difference between a repair reinstall and a complete reinstall. Though a repair (also called a refresh) will let you keep your current settings, a complete reinstall will give you a truly fresh version of Windows. Repairs are fast and easy, but they don’t fix anywhere near as many problems. The instructions below are for total reinstalls, except where noted.
Your Vendor’s Restore CD

Most computers ship with a vendor-specific restore CD rather than with a Microsoft Windows CD-ROM. (If your PC came with a Microsoft Windows CD, or if you bought a retail copy of Windows, skip to the section for your version.)

Some restore CDs give you all the options of a full Microsoft Windows CD, but with better instructions and the convenience of having all the right hardware drivers. Others can do nothing except reformat your hard drive and restore it to the condition it was in when you bought the PC. (This case is the exception I mentioned above that requires a reformat.)

If your restore CD is reformat-only, back up your data files to a network or a removable medium before reinstalling Windows. If you use Windows 98 or Me, back up C:\My Documents, plus the folders inside C:\Windows discussed in the 98*steroidsRgangstaa section below. If you have Windows 2000 or XP, back up C:\Documents and Settings. Also back up any other folders in which you store your data files.
Windows 98 and ME CDs

These Windows versions keep some important data inside your soon-to-be-erased Windows folder, so you need to copy several of its subfolders to another location. Right-click My Computer and select Explore. Double-click the C: drive icon (in Me, you may then have to click View the entire contents of this drive). Right-click in the right pane and select New, Folder. Name the new folder oldstuff.

Go to the Windows folder (you might have to click View the entire contents of this folder), hold down Ctrl, and select the following subfolders: All Users, Application Data, Desktop, Favorites, Local Settings, Profiles, SendTo, and Start Menu. If you don’t see them all, select View, Folder Options (Tools, Folder Options in Me), click the View tab, select Show all files, and click OK. (If you still don’t see them all, don’t worry about it.) Press Ctrl and drag the folders to C:\oldstuff (see FIGURE 1).

Restart Windows with a start-up disk in your floppy drive. (To make a start-up floppy, insert a disk, select Start, Settings, Control Panel, double-click Add/Remove Programs, click Startup Disk, Create Disk, and follow the prompts.) At the Startup Menu, select Start computer with CD-ROM support. While the drivers load, insert your Windows CD-ROM.

Unless you’re doing a repair reinstall, type the command c:\windows\command\deltree /y c:\windows and press Enter. Deleting your old files could take time, but the /y switch suppresses confirmation prompts, so take a break.

When you’re back at the A: prompt, type x:setup, where x is your CD drive letter (it’s likely one letter past what it usually is in Windows, so if it’s D: in Windows, it’s probably E: here). Press Enter and follow the prompts.

Once you’re back in Windows, reinstall your graphics card driver. If you have Windows set up for more than one user, you’ll also have to re-create each account. Select Start, Settings, Control Panel, Users to do so. It’s important that the user names match those in the old installation. If you’re not sure, open Windows Explorer and navigate to C:\oldstuff\profiles. There you’ll find a folder for each registered user name (see FIGURE 2). Don’t worry about passwords. Log off and log back on as each user. When you’re done, log off and back on one more time, but instead of choosing a user name and a password, press Esc to enter Windows without being a specific user.

Select Start, Programs, MS-DOS Prompt (in Windows 98) or Start, Programs, Accessories, MS-DOS Prompt (in Windows Me). Type xcopy c:\oldstuff\*.* c:\windows /s /h /r /c and press Enter (if you want to know what the xcopy switches do, enter the command xcopy /?). When xcopy asks if it should overwrite a file, press a for All.

When xcopy is through, reboot and log on (as a particular user, if necessary). Open My Documents to make sure all your personal files are where they belong, including your Internet Explorer favorites and your custom Start menu shortcuts.

Now skip ahead to “Finishing the Job.”
Windows 2000 and XP CDs

Boot your computer with your Windows CD-ROM inserted. When you get the ‘Press any key to boot from CD’ message, do so. (If you don’t see that message before Windows starts, restart Windows, press the key you’re prompted to enter for your PC Setup program, and change the boot order so your CD drive is first.)

At the ‘Welcome to Setup’ screen, press Enter. The R (repair) option takes you to the Recovery Module, which is useful if Windows won’t boot, but it’s no help with a reinstallation. Soon you’ll be told that there’s already a Windows installation on the computer. Press r for a repair reinstall or Esc to begin a complete, destructive one. For a complete restore, select your C: partition and press Enter. When you get the warning that says an operating system is on that partition, press c. When you are asked your partition preference, select Leave the current file system intact (no changes). When you’re told that a Windows folder (or Winnt folder for Windows 2000) already exists, press l (‘ell’) to delete it and create a new one. Follow the series of prompts. When the installation program asks for your name, enter temp.

Once the installation is complete, your system will reboot into Windows, and you’ll be logged on as user Temp. If the screen is difficult to read, reinstall your graphics card driver.

If you are reinstalling Windows XP, skip to “For Both Windows XP and 2000.”

If you’re reinstalling Windows 2000, log off as Temp and back on as Administrator. Now log off and on again, this time as Temp. Open Windows Explorer and navigate to C:\Documents and Settings. One of the subfolders will be named Administrator. Another will be named something like Administrator.computername.

Select Start, Programs, Accessories, Command Prompt. Type cd “\documents and settings” and press Enter. Then type xcopy administrator\*.* administrator.computername /s /h /r /c, replacing computername with the last part of that folder’s name (after “Administrator.”) in Documents and Settings. Now press Enter, and when you’re asked about overwriting files or folders, press a for All.

If you have any users on the old installation besides Administrator, continue with the “For Both Windows XP and 2000″ section. Otherwise, open Windows Explorer and make sure your data files are where they belong. Then go to Control Panel’s Users and Passwords applet and delete the user Temp before skipping to “Finishing the Job.”
For Both Windows XP and 2000

Reopen Windows Explorer. Select your C: drive (you may have to click Show the contents of this folder). Right-click in the right pane and select New, Folder. Name the new folder oldstuff. In the left pane, choose the Documents and Settings folder. It should have subfolders for each user from the previous install, plus one for Temp and a few others. Move the folders for your previous user names to oldstuff.

Select Start, Control Panel, User Accounts (Start, Settings, Control Panel, Users and Passwords in Windows 2000). Create an account for each user who was registered before the reinstall. Be sure to use the exact names. They are the same names as the folders you just moved to oldstuff (as shown in FIGURE 2). In Windows XP, at least one user must have administrator privileges.

Log off and back on as each user, before logging back on as Temp. Make sure that you select Log Off and not Switch User at Windows XP’s Log Off dialog box (this isn’t an issue in Win 2000).

Log on as Temp, select Start, Programs, Accessories, Command Prompt (in XP, Start, All Programs, Accessories, Command Prompt), type xcopy c:\oldstuff\*.* “c:\documents and settings” /s /h /r /c, and press Enter. Press a when asked if you want to overwrite a file. Log off Temp and log on to each restored account to make sure everyone’s documents and data are where they belong. Log on as an administrator and run Control Panel’s User Accounts applet again to remove the user Temp.
Finishing the Job

Now you’ve got Windows going, but not much else. You may have to reinstall your printer, sound card, and so on. Luckily, if a driver for the gadget came on your Windows or vendor restore CD, it was probably reinstalled automatically.

You’ll have to reinstall your applications to reintroduce them to Windows. Some of their settings will not be changed by the reinstallation, but those that were stored in the Registry were wiped out.

Once your Internet connection is running again, browse to Windows Update and download all critical updates for your version (see FIGURE 3). Then visit the sites of your hardware vendors to update your drivers.

After the reinstall, some of your data may not show up where it should. Search for it in both your Application Data and oldstuff folders, and see if you can move it to the folder in which Windows or your apps are looking for it. If you find a folder called Identities with two subfolders whose names are long and indecipherable, try moving the contents of one to the other and see if your data reappears.

You’ve probably guessed that the final step is deleting the c:\oldstuff folder–and the Administrator folder in Windows 2000. Make this the very last step, however. Wait a couple of days, weeks, or even months until you’re confident that all of your needed files are accessible.

In other words, a site built to web standards should ideally be lean, clean, CSS-based, accessible, usable and search engine friendly.

About the checklist

This is not an uber-checklist. There are probably many items that could be added. More importantly, it should not be seen as a list of items that must be addressed on every site that you develop. It is simply a guide that can be used:

* to show the breadth of web standards
* as a handy tool for developers during the production phase of websites
* as an aid for developers who are interested in moving towards web standards

The checklist

1.Quality of code
1. Does the site use a correct Doctype?
2. Does the site use a Character set?
3. Does the site use Valid (X)HTML?
4. Does the site use Valid CSS?
5. Does the site use any CSS hacks?
6. Does the site use unnecessary classes or ids?
7. Is the code well structured?
8. Does the site have any broken links?
9. How does the site perform in terms of speed/page size?
10. Does the site have JavaScript errors?

2. Degree of separation between content and presentation
1. Does the site use CSS for all presentation aspects (fonts, colour, padding, borders etc)?
2. Are all decorative images in the CSS, or do they appear in the (X)HTML?

3. Accessibility for users
1. Are “alt” attributes used for all descriptive images?
2. Does the site use relative units rather than absolute units for text size?
3. Do any aspects of the layout break if font size is increased?
4. Does the site use visible skip menus?
5. Does the site use accessible forms?
6. Does the site use accessible tables?
7. Is there sufficient colour brightness/contrasts?
8. Is colour alone used for critical information?
9. Is there delayed responsiveness for dropdown menus (for users with reduced motor skills)?
10. Are all links descriptive (for blind users)?

4. Accessibility for devices
1. Does the site work acceptably across modern and older browsers?
2. Is the content accessible with CSS switched off or not supported?
3. Is the content accessible with images switched off or not supported?
4. Does the site work in text browsers such as Lynx?
5. Does the site work well when printed?
6. Does the site work well in Hand Held devices?
7. Does the site include detailed metadata?
8. Does the site work well in a range of browser window sizes?

5. Basic Usability
1. Is there a clear visual hierarchy?
2. Are heading levels easy to distinguish?
3. Does the site have easy to understand navigation?
4. Does the site use consistent navigation?
5. Are links underlined?
6. Does the site use consistent and appropriate language?
7. Do you have a sitemap page and contact page? Are they easy to find?
8. For large sites, is there a search tool?
9. Is there a link to the home page on every page in the site?
10. Are visited links clearly defined with a unique colour?

6. Site management
1. Does the site have a meaningful and helpful 404 error page that works from any depth in the site?
2. Does the site use friendly URLs?
3. Do your URLs work without “www”?
4. Does the site have a favicon?

1. Quality of code

1.1 Does the site use a correct Doctype?
A doctype (short for ‘document type declaration’) informs the validator which version of (X)HTML you’re using, and must appear at the very top of every web page. Doctypes are a key component of compliant web pages: your markup and CSS won’t validate without them.