HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run "wosa" = %TEMP%WOSO.EXE "mhsa" = %TEMP%MHSO.EXE "Microsoft Autorun14" = %SYSTEM%\ZTINETZT.EXE "rxsa" = %TEMP%RXSO.EXE "qjsa" = %TEMP%QJSO.EXE "Microsoft Autorun9" = %SYSTEM%\RAVASKTAO.EXE "tlsa" = %TEMP%TLSO.EXE "dasa" = %TEMP%DASO.EXE "wlsa" = %TEMP%WLSO.EXE "wgsa" = %TEMP%WGSO.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "visin" = %SYSTEM%\VISIN.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks "{0EA66AD2-CF26-2E23-532B-B292E22F3266}" = "{754FB7D8-B8FE-4810-B363-A788CD060F1F}" =
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nm (Display Name)Network Monitor Driver = (IMAGEPATH)SYSTEM32\DRIVERS\NMNT.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF (Display Name)NetGroup Packet Filter Driver = (IMAGEPATH)SYSTEM32\DRIVERS\NPF.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rpcapd (Display Name)Remote Packet Capture Protocol v.0 (experimental) = (IMAGEPATH)"%PROGRAMFILES%\WINPCAP\RPCAPD.EXE" -D -F "%PROGRAMFILES%\WINPCAP\RPCAPD.INI"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0EA66AD2-CF26-2E23-532B-B292E22F3266} HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D} HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{754FB7D8-B8FE-4810-B363-A788CD060F1F} HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{944AD531-B09D-11CE-B59C-00AA006CB37D} HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D413C502-3FAA-11D0-B254-444553540000} |