Changeset 1516

Show
Ignore:
Timestamp:
04/11/08 11:42:39 (1 month ago)
Author:
xkovah
Message:

a couple more misc ctfmon.exe entries

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • honeyclient/trunk/thirdparty/capture-mod/RegistryMonitor.exl

    r1515 r1516  
    386386+   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\CTF\\LangBar 
    387387 
    388 #NOTE: looks like a liketely bug value (translation not getting done) 
     388#NOTE: looks like a likely bug value (translation not getting done) 
    389389+   DeleteValueKey  C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  \\REGIS 
     390 
     391#### HONEYCLIENT AUTO EXCLUDE SCRIPT 
     392+   DeleteValueKey  C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run 
     393+   SetValueKey C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run