root/capture-mod/trunk/install/RegistryMonitor.exl

Revision 1775, 33.0 kB (checked in by xkovah, 4 months ago)

the results of nmake release-hpc…which is necessary to build the plugins

  • Property svn:executable set to *
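1 #[+,-]  [Registry Event]    [Process Name]  [Registry Path]  -- '+' excludes the matching event as known-benign, '-' flags it as malicious; process name and registry path are regular expressions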
2 ###################################################
3 ### Microsoft Windows XP SP2            ###
4 ###################################################
5 +   OpenKey .*  .*
6 +   CreateKey   .*  .*
7 +   CloseKey    .*  .*
8 +   EnumerateKey    .*  .*
9 +   EnumerateValueKey   .*  .*
10 +   QueryValueKey   .*  .*
11 +   QueryKey    .*  .*
12 +   SetValueKey .*  HKU\\.+\\SessionInformation\\ProgramCount
13 +   SetValueKey .*  HKCU\\Software\\Microsoft\\Windows\\ShellNoRoam.*
14 +   SetValueKey .*  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\.+
15 +   SetValueKey .*  HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed.*
16 +   SetValueKey C:\\WINDOWS\\explorer.exe   HKCU\\SessionInformation\\.+
17 +   SetValueKey C:\\WINDOWS\\explorer.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\.+
18 +   SetValueKey C:\\WINDOWS\\explorer.exe   HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\.+
19 +   SetValueKey C:\\WINDOWS\\explorer.exe   HKU\\.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\.+
20 +   SetValueKey C:\\WINDOWS\\system32\\winlogon.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\State\\.+
21 +   SetValueKey C:\\WINDOWS\\system32\\svchost.exe  \\REGISTRY\\USER\\.+
22 +   SetValueKey C:\\WINDOWS\\system32\\svchost.exe  HKU\\.+
23 +   SetValueKey C:\\WINDOWS\\system32\\WgaTray\.exe HKCU\\SOFTWARE\\Microsoft\\SystemCertificates\\.+
24 +   SetValueKey C:\\WINDOWS\\system32\\svchost.exe  HKCU\\Software\\Microsoft\\SystemCertificates\\Root\\.+
25 +   SetValueKey C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\.+
26 +   SetValueKey C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SOFTWARE\\Microsoft\\PCHealth\\.+
27 +   SetValueKey C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\.+
28 +   SetValueKey C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\.+
29 +   SetValueKey C:\\WINDOWS\\system32\\svchost.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\.+
30 +   SetValueKey C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SYSTEM\\ControlSet001\\.+
31 +   SetValueKey C:\\WINDOWS\\system32\\services.exe HKLM\\SYSTEM\\ControlSet001\\.+
32 +   SetValueKey C:\\WINDOWS\\system32\\lsass.exe    HKLM\\SECURITY\\.+
33 +   SetValueKey C:\\WINDOWS\\system32\\lsass.exe    HKCU\\Software\\Microsoft\\Protected Storage System Provider\\.+
34 +   SetValueKey C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SOFTWARE\\Microsoft\\WBEM\\.+
35 +   SetValueKey C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SYSTEM\\ControlSet001\\Services\\WmiApRpl\\Performance\\.+
36 +   SetValueKey C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib\\.+
37 +   SetValueKey C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe   HKLM\\SOFTWARE\\Microsoft\\WBEM\\WDM\\.+
38 +   DeleteValueKey  .*  HKU\\.+\\SessionInformation\\ProgramCount
39 +   DeleteValueKey  .*  HKCU\\Software\\Microsoft\\Windows\\ShellNoRoam.*
40 +   DeleteValueKey  .*  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\.+
41 +   DeleteValueKey  .*  HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed.*
42 +   DeleteValueKey  C:\\WINDOWS\\explorer.exe   HKCU\\SessionInformation\\.+
43 +   DeleteValueKey  C:\\WINDOWS\\explorer.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\.+
44 +   DeleteValueKey  C:\\WINDOWS\\explorer.exe   HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\.+
45 +   DeleteValueKey  C:\\WINDOWS\\explorer.exe   HKU\\.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\.+
46 +   DeleteValueKey  C:\\WINDOWS\\system32\\winlogon.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\State\\.+
47 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  \\REGISTRY\\USER\\.+
48 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  HKU\\.+
49 +   DeleteValueKey  C:\\WINDOWS\\system32\\WgaTray\.exe HKCU\\SOFTWARE\\Microsoft\\SystemCertificates\\.+
50 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  HKCU\\Software\\Microsoft\\SystemCertificates\\Root\\.+
51 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\.+
52 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SOFTWARE\\Microsoft\\PCHealth\\.+
53 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\.+
54 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\.+
55 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\.+
56 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  HKCU\\Software\\Microsoft\\SystemCertificates\\Root\\.+
57 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SYSTEM\\ControlSet001\\.+
58 +   DeleteValueKey  C:\\WINDOWS\\system32\\services.exe HKLM\\SYSTEM\\ControlSet001\\.+
59 +   DeleteValueKey  C:\\WINDOWS\\system32\\lsass.exe    HKLM\\SECURITY\\.+
60 +   DeleteValueKey  C:\\WINDOWS\\system32\\lsass.exe    HKCU\\Software\\Microsoft\\Protected Storage System Provider\\.+
61 +   DeleteValueKey  C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SOFTWARE\\Microsoft\\WBEM\\.+
62 +   DeleteValueKey  C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SYSTEM\\ControlSet001\\Services\\WmiApRpl\\Performance\\.+
63 +   DeleteValueKey  C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib\\.+
64 +   DeleteValueKey  C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe   HKLM\\SOFTWARE\\Microsoft\\WBEM\\WDM\\.+
65 #defrag
66 +   SetValueKey C:\\WINDOWS\\system32\\dfrgntfs.exe HKLM\\SOFTWARE\\Microsoft\\Dfrg.*
67 +   DeleteValueKey  C:\\WINDOWS\\system32\\dfrgntfs.exe HKLM\\SOFTWARE\\Microsoft\\Dfrg.*
68 #windows update
69 +   SetValueKey C:\\WINDOWS\\system32\\wuauclt.exe  HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\Application\\ESENT\\.+
70 +   DeleteValueKey  C:\\WINDOWS\\system32\\wuauclt.exe  HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\Application\\ESENT\\.+
71 ###################################################
72 ### Internet Explorer 6.0 SP2           ###
73 ###################################################
74 +   OpenKey .*  .*
75 +   CreateKey   .*  .*
76 +   CloseKey    .*  .*
77 +   EnumerateKey    .*  .*
78 +   EnumerateValueKey   .*  .*
79 +   QueryValueKey   .*  .*
80 +   QueryKey    .*  .*
81 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\EUDC\\.+
82 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window_Placement
83 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Fullscreen
84 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\TypedURLs
85 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\Locked
86 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\International\\.+
87 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Security\\P3Global\\Enabled
88 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Extensions\\CmdMapping\\.+
89 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\.+
90 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\.+
91 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\.+
92 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\.+
93 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState\\.+
94 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet
95 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName
96 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect
97 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass
98 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet
99 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\MigrateProxy
100 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable
101 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer
102 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+
103 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\.+
104 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\.+
105 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\.+
106 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU.+
107 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\ShellNoRoam\\Bags.+
108 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\.+\\iexplore\\(Count|Time|Type)
109 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\ParseAutoexec
110 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\.+
111 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\SystemCertificates\\.+
112 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Classes\\.+
113 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+
114 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.+
115 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+
116 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Passport\\.+
117 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\.+
118 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Direct3D.+
119 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\DirectDraw.+
120 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed
121 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\AudioCompressionManager\\.+
122 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\.+
123 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+
124 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.
125 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SYSTEM\\ControlSet001\\Hardware Profiles\\0001\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\ProxyEnable
126 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SYSTEM\\ControlSet001\\Services\\EventLog\\.+
127 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\EUDC\\.+
128 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window_Placement
129 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Fullscreen
130 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\TypedURLs
131 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\Locked
132 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\International\\.+
133 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Security\\P3Global\\Enabled
134 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Extensions\\CmdMapping\\.+
135 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\.+
136 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\.+
137 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\.+
138 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\.+
139 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState\\.+
140 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet
141 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName
142 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect
143 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass
144 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet
145 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\MigrateProxy
146 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable
147 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer
148 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+
149 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\.+
150 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\.+
151 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\.+
152 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU.+
153 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\ShellNoRoam\\Bags.+
154 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\.+\\iexplore\\(Count|Time|Type)
155 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\ParseAutoexec
156 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\.+
157 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\SystemCertificates\\.+
158 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Classes\\.+
159 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+
160 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.+
161 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+
162 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Passport\\.+
163 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\.+
164 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Direct3D.+
165 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\DirectDraw.+
166 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed
167 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\AudioCompressionManager\\.+
168 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\.+
169 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+
170 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.+
171 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SYSTEM\\ControlSet001\\Hardware Profiles\\0001\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\ProxyEnable
172 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SYSTEM\\ControlSet001\\Services\\EventLog\\.+
173 +   DeleteKey   .*  .*
174 #Plugins
175 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Scrunch\\.+
176 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\MediaPlayer\\.+
177 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows Media\\.+
178 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Multimedia\\ActiveMovie\\.+
179 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\ActiveMovie\\.+
180 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\MPEG2Demultiplexer\\.+
181 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Multimedia\\msacm.imaadpcm\\.+
182 +   SetValueKey C:\\WINDOWS\\msagent\\agentsvr\.exe HKLM\\SOFTWARE\\Microsoft\\AudioCompressionManager\\DriverCache\\msacm.msadpcm\\.+
183 +   SetValueKey C:\\WINDOWS\\msagent\\agentsvr\.exe HKLM\\SOFTWARE\\Microsoft\\Microsoft Agent\\.+
184 +   SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe   HKCU\\AppEvents\\Schemes\\Apps\\MSMSGS.*
185 +   SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe   HKCU\\AppEvents\\EventLabels\\MSMsgs.+
186 +   SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MSMSGS
187 +   SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe   HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\.+
188 +   SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\.+
189 +   SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\.+
190 +   SetValueKey C:\\WINDOWS\\system32\\svchost\.exe HKLM\\SOFTWARE\\Microsoft\\EventSystem\\.+\\Subscriptions\\.+
191 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Scrunch\\.+
192 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\MediaPlayer\\.+
193 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows Media\\.+
194 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Multimedia\\ActiveMovie\\.+
195 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\ActiveMovie\\.+
196 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\MPEG2Demultiplexer\\.+
197 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Multimedia\\msacm.imaadpcm\\.+
198 +   DeleteValueKey  C:\\WINDOWS\\msagent\\agentsvr\.exe HKLM\\SOFTWARE\\Microsoft\\AudioCompressionManager\\DriverCache\\msacm.msadpcm\\.+
199 +   DeleteValueKey  C:\\WINDOWS\\msagent\\agentsvr\.exe HKLM\\SOFTWARE\\Microsoft\\Microsoft Agent\\.+
200 +   DeleteValueKey  C:\\Program Files\\Messenger\\msmsgs\.exe   HKCU\\AppEvents\\EventLabels\\MSMsgs.+
201 +   DeleteValueKey  C:\\Program Files\\Messenger\\msmsgs\.exe   HKCU\\AppEvents\\Schemes\\Apps\\MSMSGS.*
202 +   DeleteValueKey  C:\\Program Files\\Messenger\\msmsgs\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MSMSGS
203 +   DeleteValueKey  C:\\Program Files\\Messenger\\msmsgs\.exe   HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\.+
204 +   DeleteValueKey  C:\\Program Files\\Messenger\\msmsgs\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\.+
205 +   DeleteValueKey  C:\\Program Files\\Messenger\\msmsgs\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\.+
206 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost\.exe HKLM\\SOFTWARE\\Microsoft\\EventSystem\\.+\\Subscriptions\\.+
207
208
209 ###################################################
210 ### Honeyclient added/specific?         ###
211 ###################################################
212 +   SetValueKey .*  HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG
213 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
214 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
215 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Main
216 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar
217 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
218 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SYSTEM\\ControlSet001\\Hardware Profiles\\0001\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings
219 +   SetValueKey C:\\WINDOWS\\explorer\.exe  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache\\Paths.*
220 +   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache\\Paths.*
221 +   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\SessionInformation
222 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
223 +   SetValueKey System  HKLM\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_TDTCP\\0000\\Control
224 +   SetValueKey System  HKLM\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_RDPWD\\0000\\Control
225 +   DeleteValueKey  C:\\WINDOWS\\system32\\userinit\.exe    HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
226 +   SetValueKey C:\\WINDOWS\\system32\\WgaTray\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
227 +   SetValueKey C:\\WINDOWS\\system32\\WgaTray\.exe HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
228 +   SetValueKey C:\\WINDOWS\\system32\\WgaTray\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache\\Paths.*
229 +   SetValueKey C:\\WINDOWS\\system32\\WgaTray\.exe HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap
230 +   SetValueKey C:\\WINDOWS\\system32\\WgaTray\.exe HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
231 +   DeleteValueKey  C:\\WINDOWS\\system32\\WgaTray\.exe HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
232 +   SetValueKey C:\\WINDOWS\\system32\\WgaTray\.exe HKLM\\SYSTEM\\ControlSet001\\Hardware Profiles\\0001\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings
233 +   SetValueKey C:\\WINDOWS\\system32\\WgaTray\.exe HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections
234 +   SetValueKey C:\\WINDOWS\\system32\\wuauclt\.exe HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\Application\\ESENT
235 +   SetValueKey System  HKLM\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_CAPTUREFILEMONITOR.*
236 +   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\NetCache
237 +   DeleteValueKey  C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\NetCache
238 +   SetValueKey C:\\WINDOWS\\system32\\winlogon\.exe    HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList.*
239 +   SetValueKey C:\\WINDOWS\\system32\\services\.exe    HKU\\S.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
240 +   SetValueKey C:\\WINDOWS\\system32\\WgaTray\.exe HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon.*
241 +   SetValueKey C:\\Program Files\\Mozilla Firefox\\firefox\.exe    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
242 +   SetValueKey C:\\Program Files\\Mozilla Firefox\\firefox\.exe    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2.*
243 +   SetValueKey C:\\Program Files\\Mozilla Firefox\\firefox\.exe    HKLM\\SOFTWARE\\FullCircle\\TalkBack\\MozillaOrgFirefox2.*
244 +   SetValueKey C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SOFTWARE\\Microsoft\\WBEM.*
245 +   SetValueKey C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe   HKLM\\SOFTWARE\\Microsoft\\WBEM.*
246 +   DeleteValueKey  C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe   HKLM\\SOFTWARE\\Microsoft\\WBEM.*
247 +   DeleteValueKey  C:\\WINDOWS\\system32\\svchost.exe  HKLM\\SOFTWARE\\Microsoft\\WBEM.*
248 +   SetValueKey C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SOFTWARE\\Microsoft\\WBEM.*
249 +   SetValueKey C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SYSTEM\\ControlSet001\\Services\\WmiApRpl\\Performance.*
250 +   SetValueKey C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib.*
251 +   DeleteValueKey  C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SOFTWARE\\Microsoft\\WBEM.*
252 +   DeleteValueKey  C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SYSTEM\\ControlSet001\\Services\\WmiApRpl\\Performance.*
253 +   DeleteValueKey  C:\\WINDOWS\\system32\\wbem\\wmiadap.exe    HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib.*
254
255 #During debugging only - remove this exclusion before deploying the honeyclient
256
257 +   SetValueKey F:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\VCExpress\.exe  HKCU\\Software\\Microsoft\\VSCommon\\8.0.+
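258 # '-' rules flag the matching event as malicious. Each rule is: marker, registry event, process-name regex, registry-path regex.
259 # The hive prefix is HKLM; a misspelled prefix such as HLKM matches no reported path and silently disables the rule.
260 ###################################################
261 ### Minus List - General Malicious Activity ###
262 ###################################################
263 #Any modification to start/bootup sequence (Run keys, Winlogon Userinit/Shell, policy Run, BootExecute, ShellServiceObjectDelayLoad)
264 -   SetValueKey .*  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run.*
265 -   DeleteValueKey  .*  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run.*
266 -   SetValueKey .*  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run.*
267 -   DeleteValueKey  .*  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run.*
268 -   SetValueKey .*  HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Run.*
269 -   DeleteValueKey  .*  HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Run.*
270 -   SetValueKey .*  HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Load.*
271 -   DeleteValueKey  .*  HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Load.*
272 -   SetValueKey .*  HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit.*
273 -   DeleteValueKey  .*  HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit.*
274 -   SetValueKey .*  HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell.*
275 -   DeleteValueKey  .*  HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell.*
276 -   SetValueKey .*  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run.*
277 -   DeleteValueKey  .*  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run.*
278 -   SetValueKey .*  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run.*
279 -   DeleteValueKey  .*  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run.*
280 -   SetValueKey .*  HKLM\\SYSTEM\\(CurrentControlSet|ControlSet001)\\Control\\Session Manager\\BootExecute.*
281 -   DeleteValueKey  .*  HKLM\\SYSTEM\\(CurrentControlSet|ControlSet001)\\Control\\Session Manager\\BootExecute.*
282 -   SetValueKey .*  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\.*
283 -   DeleteValueKey  .*  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\.*
284 # NOTE(review): BootExecute accepts ControlSet001 as well as CurrentControlSet because every other SYSTEM rule in this file is written against ControlSet001 - confirm which form the monitor reports.
285 # NOTE(review): the HKCU rules above do not match the same keys when reported as HKU\\<SID>\\...; the '+' rule excluding svchost.exe writes under HKU\\.+ therefore also covers per-user Run keys - confirm this is intended.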
286 #### HONEYCLIENT AUTO EXCLUDE SCRIPT
287 +   SetValueKey C:\\Program Files\\Windows Media Player\\wmplayer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2.*
288 +   SetValueKey C:\\Program Files\\Windows Media Player\\setup_wm\.exe  HKLM\\SOFTWARE\\Microsoft\\MediaPlayer
289 +   SetValueKey C:\\Program Files\\Windows Media Player\\wmplayer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
290 +   SetValueKey C:\\Program Files\\Windows Media Player\\wmplayer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap
291 #### HONEYCLIENT AUTO EXCLUDE SCRIPT
292 +   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Macromedia\\FlashPlayer
293 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Macromedia\\FlashPlayer
294 +   SetValueKey System  HKLM\\SYSTEM\\ControlSet001\\Enum\\Root\\LEGACY_HTTP\\0000\\Control
295 #### Honeyclient manual add (per ticket #49). These rules could obviously be combined into a more compact regex, but they are kept separate for now
296 +   SetValueKey C:\\Program Files\\Windows Media Player\\setup_wm\.exe  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
297 +   SetValueKey C:\\Program Files\\Windows Media Player\\setup_wm\.exe  HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
298 +   SetValueKey C:\\Program Files\\Windows Media Player\\setup_wm\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints.+
299 +   SetValueKey C:\\Program Files\\Windows Media Player\\setup_wm\.exe  HKLM\\SOFTWARE\\Microsoft\\MediaPlayer\\services
300 #### Honeyclient manual add (per ticket #128)
301 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\\.css\\OpenWithList
302 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\\.css\\OpenWithProgids
303 #### Honeyclient manual add from different SP2 image
304 +   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
305 +   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
306 +   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\System\\Print
307 +   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
308 +   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\System\\TCPMon
309 +   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers
310 +   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print
311 +   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
312 +   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print\\Printers
313 +   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print\\Providers
314
315 #### HONEYCLIENT AUTO EXCLUDE SCRIPT
316 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Security\\AntiPhishing\\.+
317 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\CTF\\TIP\\.*\\LanguageProfile\\.+
318 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Zoom