Monitoring Registry Lines

Status
Not open for further replies.
Is there any program which can trace all the alterations made to registry (Windows Registry)?

My machine runs on Windows XP SP3, and I want to review all registry entries made by installing or running a particular program. I think any malicious code running from the registry could be recognized prior to any damage.

For instance, I had previously installed a program named X. Later, to install the newer version (overwrite not permitted), I uninstalled the previous one. But still the latest version, while running setup, says "You had previously installed the earlier version, but the registry entries were not cleaned properly. Please, remove them all to proceed the installation."

My guess is that blocking of access to the registry by the antivirus s/w might have prevented cleaning of regedit entries while uninstalling.
 

Quiz_Master

* Teh Flirt King *
When I was on Windows 2000 I used Active Registry Monitor. (Now I don't use anything like it.)

You can monitor your registry by making a snapshot of it.
So what you can do for your purpose is: before installing a software, make a snapshot, and after installing, create another snapshot and compare them. It will show you all the changes between both snapshots.
 

blueshift

Wise Old Crow
RegShot is a small registry compare utility (freeware) that allows you to quickly take a snapshot of your registry and then compare it with a second one, done after making system changes or installing a new software product.

Download
 

pushkaraj

In the zone
Thanks for the link.

@gearShifts, you can also try this -> Regmon

RegMon is a Registry monitoring utility that will show you which applications are accessing your Registry, which keys they are accessing, and the Registry data that they are reading and writing - all in real-time. This advanced utility takes you one step beyond what static Registry tools can do, to let you see and understand exactly how programs use the Registry. With static tools you might be able to see what Registry values and keys changed. With Regmon you'll see how the values and keys changed.
 

anandk

Distinguished Member
Windows does not provide an in-built Registry monitoring tool, unfortunately.

The most you can do is to harness the command-line program fc.exe to compare registry export files that you create before and after the registry change.

First, export a .reg file (or .txt file) and name it, say, reg1.
Then let the change happen; i.e. install the program, etc.
Now export the changed .reg file (or .txt file) and name it, say, reg2.

Open a command prompt and type
fc /u reg1.reg reg2.reg > regcompare.txt

Since .reg files use Unicode, the /u switch tells fc.exe to use Unicode.
You can now inspect the output regcompare in Notepad.

Alternatively, you may want to use 3rd party tools. Sysinternals Process Monitor is great freeware to monitor registry changes in real time.

Extract From : De-Mystifying Windows Vista Registry
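
Added example, not part of any post in this thread: the before/after export comparison described above, done per key and value instead of line by line as fc does, so wrapped hex data and reordered lines do not show up as noise. The function names, the ExampleVendor key, the XUpdater value and both sample exports are constructed for illustration, and cp1252 is assumed as the ANSI code page for REGEDIT4 files.

```python
import re

VALUE = re.compile(r'(?:"((?:[^"\\]|\\.)*)"|@)=(.*)')  # "name"=data or @=data

def parse_reg(text):
    """Parse regedit export text into {(key_path, value_name): raw_data}; a key itself is (key_path, "")."""
    entries, key, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):          # hex data wrapped onto the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries[(key, "")] = ""      # record the key so empty keys are diffed too
        elif key and (m := VALUE.fullmatch(line)):
            entries[(key, m.group(1) or "(Default)")] = m.group(2)
    return entries

def load_reg(path):  # "Version 5.00" exports are UTF-16 with a BOM; REGEDIT4 is ANSI
    data = open(path, "rb").read()
    enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "cp1252"  # cp1252 assumed
    return parse_reg(data.decode(enc, errors="replace"))

def diff_reg(before, after):
    """Return (kind, key_path, value_name, old, new) tuples, sorted by key then value name."""
    changes = []
    for item in sorted(set(before) | set(after)):
        old, new = before.get(item), after.get(item)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "changed"
            changes.append((kind, item[0], item[1], old, new))
    return changes

# Constructed sample exports (not taken from a real machine).
BEFORE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\X]
"Version"="1.0"
'''
AFTER = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\X]
"Version"="2.0"
"Blob"=hex:01,02,\
  03,04
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XUpdater"="C:\\Program Files\\X\\update.exe"
'''
if __name__ == "__main__":
    print(*diff_reg(parse_reg(BEFORE), parse_reg(AFTER)), sep="\n")
```

With real exports, call `diff_reg(load_reg("reg1.reg"), load_reg("reg2.reg"))`; new entries under the Run key are the ones to review first, since they start a program at every logon.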
 