I analyze a sample of conficker, and I found there is method this malware used to hiding service registry's entrys
there is no UserMode/KernelMode API/SysCall hook as I seen by tools like Rootkit Unhooker,XueTr, gmer, ... relate to Registry
and also I looking for Registry filter driver by using XueTr and Kernel Detective, but Unfortunately with no luck.
if anyone analyze this malware can help to understand what technique used.
the hash of my sample is: c3852074ee50da92c2857d24471747d9,